Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
0
Helpful
0
Replies

Is it possible to read devices macs that are behind vpn through PxGrid sessions?

Yakirke
Level 1
Level 1

‎10-20-2020 02:06 PM - edited ‎10-20-2020 02:09 PM

We would like to satisfy a use case of devices that are connected through vpn and identify those devices by their MAC Addresses:
1. The newer Cisco VPN has an ACIDex feature (AnyConnect Identity Extensions feature) that helps relay hardware/software attributes in RADIUS to ISE through ASA. Specifically, the mac address. (link)
2. These attributes appear as av-pairs (attribute-value pairs) in RADIUS sessions. From what we've seen MAC Addresses should be specified under mdm-tlv=device-mac=<MAC Address> (link)
3. I found that RADIUSimulator reports an RADIUSAVPairs list in sessions - that's where we hope to find this field (link).

I checked all sorts of sources online (e.g this resource had some explanation on ACIDex and Macs),
and couldn't find a clear indication of mdm-tlv=device-mac / av-pairs specified and accessible on PxGrid's Session Directory.
Are those AnyConnect av-pairs available through PxGrid's sessions directory? 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents