08-26-2012 09:18 PM - edited 03-10-2019 07:27 PM
Hi All,
Does anyone get the same result as me when integrating Cisco ISE with a Wireless LAN Controller?
My Authentication Policy :
Name: IsGuestAuthen
IF "WLC_Authentication" THEN "Default Network Access" > "Internal Users"
My Authorization Policy :
Name: IsGuestAuthen
IF "Guest" THEN "InternetOnly"
When I monitor the Live Authentication page, I can see only the MAC address and a guest account that authenticated. I cannot see the IP address of the guest client. Do you get the same result as me?
Please advise on how to get the IP address of the guest client to show on the Live Authentication Page.
Thanks,
Pongsatorn Maneesud
08-26-2012 09:23 PM
Hi,
You want the MAC address to come through in the access-request because of the RADIUS probe feature. If you change the calling station ID to the IP address, then you lose the ability to validate the endpoint the client is authenticating through.
However, you should be able to go to the endpoint database and see the IP address that it was assigned via DHCP.
Thanks,
Tarik Admani
*Please rate helpful posts*
08-26-2012 09:36 PM
Tarik,
Can I show both of them in the Live Authentication?
As I understand it, this is a limitation of the WLC RADIUS attribute "Framed-IP-Address". Am I right?
It would be useful if we could see them on the same screen, for the correlation information.
Thanks,
Pongsatorn Maneesud
08-26-2012 09:59 PM
Exactly... here is the list of attributes sent in the access-request from the WLC -
The framed IP address is sent in the accounting packet, which doesn't appear in the live authentication report.
If you are up to speed on REST APIs, here is some reference material on this:
http://www.cisco.com/en/US/docs/security/ise/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1089826
You can also run a RADIUS accounting report and filter it based off of account-start packets, which will have the username and the IP address along with the MAC address.
Thanks,
Tarik Admani
*Please rate helpful posts*
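
Added example (not part of the original posts and not Cisco code): a sketch of the MAC-USER-IP correlation that the accounting data makes possible, merging accounting packets by Acct-Session-Id and answering "who held this IP at this time". The one-line-per-packet input format, the sample values and the function names are constructed for illustration and are not an ISE export format; it assumes Framed-IP-Address may be missing from the Start packet and arrive in a later one.

```python
import re
from datetime import datetime

# Constructed sample records (not an ISE export format): one RADIUS accounting
# packet per line, written as "timestamp attr=value ...".
SAMPLE = """\
2012-08-26T21:00:05 Acct-Status-Type=Start Acct-Session-Id=s1 User-Name=guest01 Calling-Station-Id=00-1A-2B-3C-4D-5E
2012-08-26T21:00:09 Acct-Status-Type=Interim-Update Acct-Session-Id=s1 User-Name=guest01 Calling-Station-Id=00-1A-2B-3C-4D-5E Framed-IP-Address=10.10.20.31
2012-08-26T21:05:00 Acct-Status-Type=Start Acct-Session-Id=s2 User-Name=guest02 Calling-Station-Id=001a.2b3c.4d5f Framed-IP-Address=10.10.20.32
2012-08-26T21:40:00 Acct-Status-Type=Stop Acct-Session-Id=s1 User-Name=guest01 Calling-Station-Id=00-1A-2B-3C-4D-5E Framed-IP-Address=10.10.20.31
2012-08-26T22:10:00 Acct-Status-Type=Start Acct-Session-Id=s3 User-Name=guest03 Calling-Station-Id=00:1a:2b:3c:4d:60 Framed-IP-Address=10.10.20.31
"""

def norm_mac(value):
    """Normalize any common MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def correlate(text):
    """Merge accounting packets into one MAC-USER-IP record per session."""
    sessions = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        attrs = dict(p.split("=", 1) for p in pairs)
        when = datetime.fromisoformat(stamp)
        s = sessions.setdefault(attrs["Acct-Session-Id"], {
            "user": attrs["User-Name"], "mac": norm_mac(attrs["Calling-Station-Id"]),
            "ip": None, "start": when, "stop": None})
        # The IP may be absent from Start and only arrive in a later packet.
        s["ip"] = attrs.get("Framed-IP-Address", s["ip"])
        if attrs["Acct-Status-Type"] == "Stop":
            s["stop"] = when
    return sessions

def who_had_ip(sessions, ip, at):
    """Return (user, mac) for the session holding `ip` at time `at`, or None."""
    when = datetime.fromisoformat(at)
    for s in sessions.values():
        if s["ip"] == ip and s["start"] <= when and (s["stop"] is None or when <= s["stop"]):
            return s["user"], s["mac"]
    return None

if __name__ == "__main__":
    for sid, s in correlate(SAMPLE).items():
        print(sid, s["user"], s["mac"], s["ip"], s["start"], s["stop"])
```

The sample reuses 10.10.20.31 for a second guest after the first session stops, which is why the lookup is bounded by session start and stop times rather than keyed on the IP alone.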
11-29-2012 05:43 AM
I have the same problem. Also want to see the guest ip address in the live authentication. We need the correlation between MAC-USER-IP for legal reasons. Was hoping that ISE could solve this, but apparently it can't.
11-05-2014 01:19 PM
Hi gnijs,
Any update regarding your post? I need the same information from ISE.
Thanks
AC