Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1889
Views
0
Helpful
4
Replies

IP address is empty in Live Sessions of ISE

zhaoz
Level 1
Level 1

‎10-20-2021 10:51 AM

Hi,

Currently I am integrating ISE(software version: v2.7, patch 5) with Fortinet switch. And my endpoint which is connected to the switch has been authenticated from ISE successfully, just like the snapshot below. However, in Live Sessions, "IP Address" column is always empty. IP address is very critical for my current job since I need to utilize REST API to perform network access control based on IP address of endpoints. I guess I need to do more configuration on ISE side or the switch side. I looked up documents online but no answers. Who can tell me what configuration I need to do? Thanks so much.

 

 

image.png

0 Helpful
4 Replies 4

Marcelo Morais
VIP
VIP

‎10-20-2021 01:17 PM

Hi @zhaoz ,

 Probes that can be used to provide IP-to-MAC binding information are:
RADIUS (via the Framed-IP-Address attribute)
DHCP (via the dhcp-requested-address attribute)
SNMP Query (via SNMP polling)

 If you enable any of these Probes (at Administration > System > Deployment > select your PSN > Profiling Configuration tab) please check one of the attributes on Context Visibility of an specific Endpoint.

 

Hope this helps !!!

0 Helpful

zhaoz
Level 1
Level 1
In response to Marcelo Morais

‎10-20-2021 02:44 PM

hi Marcelo,

DHCP, RADIUS and SNMP Query are all enabled. But the switch to which my endpoint is connecting is mainly working on Radius with ISE. 

image.png

image.png

 

I'm not sure if "Attributes" highlighted by red circle in the snapshot below is what you want me to check. If so, there are lots of attributes in this page. and no Framed-IP-Address, dhcp-requested-address or SNMP polling attribute show up there.

image.png

 

what else can I check for further? Thanks a lot.

0 Helpful

Marcelo Morais
VIP
VIP
In response to zhaoz

‎10-20-2021 04:30 PM

Hi @zhaoz ,

 yes, the location is correct, for ex.:

FamedIPAddr.png

 The Current IP Addr and the Framed IP Addr have the same info.

 This particular Endpoint is Endpoint Profile: VMWare-Device ... are you having this issue with all Endpoints or just an specific one?

 

Hope this helps !!!

 

0 Helpful

zhaoz
Level 1
Level 1
In response to Marcelo Morais

‎10-20-2021 04:51 PM

Hi Marcelo,

Actually the endpoint and ISE are deployed in VM. I think this is why Endpoint Profile shows VMWare-Device. ISE should be OK to work with an endpoint in VM environment. And currently I deployed only one endpoint in VM.

As you saw, Current IP Address is empty in my snapshot. There is also no Framed IP Address showed up. How can I get Framed IP Address? Especially my switch is from other vendor rather than Cisco.

0 Helpful
Customers Also Viewed These Support Documents