Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAC clients via ISE authenticating but dhcp address not being assigned

So if I do a static ip address it works fine, but if I turn off static, the machine authenticates fine, but is not assigned to the access vlan, and it does not get an ip address.

now when I use static I notice in the ISE live authentication logs, 11213 No response received from Network Access Device, for the switch even though its configured correctly.

JJ

5 REPLIES

NAC clients via ISE authenticating but dhcp address not being as

Jeffrey,

In the radius debugs do you show an access-accept? Are you using dynamic vlan assignment and being placed in the wrong vlan? Also are you triggering coa? The error you are seeing is it for dynamic authorization? I have seen the 11213 messages when CoA is misconfigured.

If you can run "debug radius authentication" and see the attributes that are being sent down from the ISE appliance.

Also take a look at this guide for reference:

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.html

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

NAC clients via ISE authenticating but dhcp address not being as

It was an issue with the IOS version on the switch itself, once upgraded it all came through fine. with the debug radius authentication on, I saw 3 CoA requests in a row, with no response from the switch.

Jeff

NAC clients via ISE authenticating but dhcp address not being as

So what version is it working on then  ?

New Member

NAC clients via ISE authenticating but dhcp address not being as

switch was running 12.2(50), was not correct until version 12.2(55), ended up going all way to 150-1.SE2, this correct the issue, now I am working on issues with Avaya connected phones with no voice vlan defined.

NAC clients via ISE authenticating but dhcp address not being as

Good to know, i might be having similar issues, but unfortunately i am already on 12.2(55)SE2, will try 15.x next chance i get.

If you use mab for your avaya phones, make sure you send the traffic-class=voice attribute to the switch in your athorization result for the phone voice vlan.

1022
Views
0
Helpful
5
Replies