Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP device tracking on 3560 with ISE policies

Hi,

I am in the process of testing a solution for a client and I have run into an interesting issue where a Windows XP laptop connected to the 3560 running

c3560-ipservicesk9-mz.122-55.SE5 displays 192.168.1.2 as its IP within IP device tracking. I have tested with 802.1X & MAB with the same 192.168.1.2 however the device is recieving the correct IP address via DHCP. I am in the process of trying to verify if it is the laptop or Windows XP, but I thought I would post to see if anyone has experienced this before?

A more indepth rundown of what I have running is ISE1.1 with multiple rule matching to provide inacl entries depending on the AD security groups the user has, the switchport is configured with MAB & 802.1X in that order but with 802.1X with the higher priority. Authentication is working correctly as the ISE is providing the inacl entries to the switch but as device tracking has the wrong IP, the acl applied to the port does not allow access for the end device.

Thanks

Blake

836
Views
0
Helpful
0
Replies
CreatePlease login to create content