Display Cisco ISE Usernames for Failed Authentications
In this quick tip Cisco ISE article I would like to point out how ISE administrators can displays usernames for failed authentications. The following has been tested on ISE 2.4 but is relevant for older ISE versions. When a user/machine fails authentication ISE will mask the identity automatically. This can be seen in the RADIUS Live Logs and looks like the screenshot (1) shown below. Although you can click on the details of each live log, sometimes it’s good to know what the identity is to troubleshoot further. The good news is that with ISE, we can unmask the identity, however, the bad news for some is that you can only keep identities unmasked for a limited time, depending on ISE version. As of up to ISE 2.4 patch 3 you cannot keep identities unmasked permanently, in fact, the maximum time in which you can keep identities unmasked for is 30 minutes before ISE masks them again. As mentioned, this is not convenient and was in fact raised as a bug (CSCvh91118). I believe ISE releases