[CDA+ISE] Multi-Homed (Wired/Wireless) Workstations only partially ID'd in CDA

zztopping · ‎04-21-2014

CDA Patch 2

ISE 1.2 Patch 5

CDA with AD and ISE integration is currently working, however for machines with BOTH a Wired and Wireless connection, CDA is auto-unmapping the wired connection, but leaving the wireless in place. ISE shows two valid sessions in its operations log. (both are 802.1x with the same identity).

I would expect that CDA would show both mappings at all times. Any ideas?

I see the following CDA messages when this unmapping is taking place:

2014-04-21T16:52:46.517-04:00 0000088473 70002 DEBUG RADIUS: Parsed RADIUS Message, session={system:cda-session=cda/11429/2014-04-16T11:29:42.851-04:00/341476}, radius-request={cisco:
Cisco-AVPair=entity-attr:op=remove, cisco:Cisco-AVPair=entity-attr:entity-id:ip=192.168.x.x, radius:NAS-IP-Address=192.168.x.x, system:packet-id=98, system:packet-size=101, system:pa
cket-type=Accounting-Request}
2014-04-21T16:52:46.517-04:00 0000088474 70007 DEBUG RADIUS: Selected CDA RADIUS parser, session={system:cda-session=cda/11429/2014-04-16T11:29:42.851-04:00/341476}, radius-request={c
isco:Cisco-AVPair=entity-attr:op=remove, cisco:Cisco-AVPair=entity-attr:entity-id:ip=192.168.x.x, radius:NAS-IP-Address=192.168.x.x, system:packet-id=98, system:packet-size=101, syst
em:packet-type=Accounting-Request}
2014-04-21T16:52:46.517-04:00 0000088475 40008 DEBUG ContextManager: Parsed CDA Attributes, session={system:cda-session=cda/11429/2014-04-16T11:29:42.851-04:00/341476}, cda-request={c
da-mappings={entity-attr:entity-id:ip=192.168.x.x, entity-attr:op=remove}}