MX Appliance, ISE, 802.1x Accounting - No Client IP Address?

DanN
Comes here often

MX Appliance, ISE, 802.1x Accounting - No Client IP Address?

Hi

 

I've noticed on our Cisco ISE logs that, when a device authenticates using 802.1x from an MX appliance - either an SSID broadcast from it or a wired access port - the client IP address isn't learned. It seems that these devices don't support RADIUS Accounting as there's nowhere to configure it when creating the SSID or when configuring the access policy. If they truly don't, why?? 

 

Is there any other way I can learn the client device IP on ISE? I'm new to Meraki, but not to ISE, and can't really see a way to get it working with SNMP, and the we're doing DHCP locally on the MX appliances so I can't capture the DHCP traffic. This is a problem for profiling and I'm intending to use Security Group Tagging at some point in the future and will need the IP-SGT mappings to send to a firewall for policy enforcement - this obviously won't work if ISE never learns the client IP.

 

Thanks

0 Replies 0
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels