ISE: Active Endpoints reset after some time

desweiler
Level 1

Hello,

 

When I authenticate an endpoint via ISE, it shows as an "active endpoint".

After some time (maybe one/two hours) the endpoint is not shown as active anymore, although the AAA session is still active on the switch. In ISE it shows: DISCONNECTED (No Accounting received)

I don't use reauthentication. RADIUS accounting is working, however. Is there an option so that the switch periodically sends a packet that the endpoint is still active? Or why does it "time out" so that the ISE does not show it as active anymore?

The authentication is working all the time; the problem is just that the ISE shows it as not active.

 

6 Replies

mohanak
Cisco Employee

SNMP Trap Probe

The SNMP Trap receives information from the specific network access devices that support MAC notification, linkup, linkdown, and informs. The SNMP Trap probe receives information from the specific network access devices when ports come up or go down and endpoints disconnect from or connect to your network, which results in the information received that is not sufficient to create endpoints in Cisco ISE.

For SNMP Trap to be fully functional and create endpoints, you must enable SNMP Query so that the SNMP Query probe triggers a poll event on the particular port of the network access device when a trap is received. To make this feature fully functional you should configure the network access device and SNMP Trap.


Note: Cisco ISE does not support SNMP Traps that are received from the Wireless LAN Controllers (WLCs) and Access Points (APs).

I've had a very similar problem before with the 3850 series. After some investigation, it seemed that the switch was not properly sending accounting information to the ISE.

In our situation it was solved by adding the command "radius-server attribute 31 send nas-port-detail" on the access switch. Perhaps worth a try.

nspasov
Cisco Employee

Hmm, can you:

- Post your switch config

- Tell us the version of ISE and switch that you are running

I am using 3750-X and 2960CG with IOS 15.2(2)E.

ISE is 1.2.1.198 Patch 1.

Switch config:

aaa new-model


aaa group server radius ise
 server-private 1.2.3.4 auth-port 1812 acct-port 1813 key 7 1234567
 ip radius source-interface Vlan100

aaa authentication dot1x default group ise
aaa authorization network default group ise
! (I thought this might help!?!?)
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group ise


radius-server vsa send accounting
radius-server vsa send authentication

radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

dot1x system-auth-control
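
To see from a capture what the switch actually sends, the added example below (not code from this thread) parses RADIUS Accounting-Request packets per RFC 2866 and reports, for each Acct-Session-Id, which Acct-Status-Type values arrived and whether attribute 31 (Calling-Station-Id) was present. The function names and the sample packets are constructed for illustration; the Request Authenticator is not verified.

```python
import struct

ACCT_REQUEST = 4  # RADIUS code for Accounting-Request
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}  # Acct-Status-Type values

def parse_acct(packet: bytes) -> dict:
    """Parse one Accounting-Request into status, session id and attribute 31."""
    if len(packet) < 20 or packet[0] != ACCT_REQUEST:
        raise ValueError("not a RADIUS Accounting-Request")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    out = {"status": None, "session": None, "calling_station": None}
    pos = 20  # attributes start after code, id, length and 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        value = packet[pos + 2:pos + alen]
        if atype == 40 and len(value) == 4:      # Acct-Status-Type
            out["status"] = STATUS.get(struct.unpack("!I", value)[0], "Other")
        elif atype == 44:                        # Acct-Session-Id
            out["session"] = value.decode("ascii", "replace")
        elif atype == 31:                        # Calling-Station-Id
            out["calling_station"] = value.decode("ascii", "replace")
        pos += alen
    return out

def summarize(packets) -> dict:
    """Per session: status types seen, and whether every packet carried attr 31."""
    sessions = {}
    for raw in packets:
        rec = parse_acct(raw)
        s = sessions.setdefault(rec["session"], {"seen": set(), "has_attr31": True})
        s["seen"].add(rec["status"])
        s["has_attr31"] &= rec["calling_station"] is not None
    return sessions

def build_sample(status: int, session: str, mac: str = None) -> bytes:
    """Build a constructed test packet (zeroed authenticator, not a real capture)."""
    attrs = bytes([40, 6]) + struct.pack("!I", status)
    attrs += bytes([44, 2 + len(session)]) + session.encode()
    if mac:
        attrs += bytes([31, 2 + len(mac)]) + mac.encode()
    return struct.pack("!BBH", ACCT_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs

SAMPLES = [build_sample(1, "0A000001", "00-11-22-33-44-55"),
           build_sample(3, "0A000001", "00-11-22-33-44-55"),
           build_sample(1, "0A000002")]  # Start only, no Calling-Station-Id
print({k: sorted(v["seen"]) for k, v in summarize(SAMPLES).items()})
```

A session that shows only Start over a window longer than the configured `aaa accounting update periodic` interval means the interim updates are not reaching the capture point.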

mohanak
Cisco Employee
Dashboard Endpoint Inaccuracy
CSCup21881

Symptom: Endpoint dashboard reset
Conditions: 1.2.1 upgrade
Workaround: N/A
Last Modified: Jun 6, 2014
Status: Open
Severity: 4 Minor
Product: Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases: (1) 1.2(1.198)

Mohanak, thank you for sharing the bug ID; however, the bug does not have enough details to either confirm or deny that it is in fact the cause of this issue. Is there a chance that you could provide more info/details on the bug?
