Solved: Anyconnect 4.5 - Wired and Wireless –Policy Server Switch over Issue-ISE-2.3.0.298 ( Patch 2)

mahadeer md ismail · ‎08-04-2018

ISE-2.3.0.298 ( Patch 2)

MySet up

ISE1 and ISE2 and kept as below for load balancing.

Wireless user ISE2 as primary

Wired user ISE1 as primary

Normally the load balancing and 801.x working for wired and wireless and faced the issue with below circumstance as randomly.

Any connect ISE posture not performed in Primary Server-ISE1 when the network change happened from Wifi to wired.

For example, when WiFi and the primary LAN are connected in laptop, the agent restarted discovery and connected ISE 1 and when LAN is removed then agent restarted the discovery and connected to ISE 2 but when LAN connected back the agent restarted the discovery and shows as compliance but not connected with ISE1 and still connected to ISE2 and when checked the logs in the ISE and the switch we can see non-compliance and re direct URL placed.

Due to this User URL gets re directed and going to Client Provisioning Portal for Device Security Check,

Plz give some inputs.

hslai · ‎08-05-2018

You mentioned this happening randomly so please open a TAC case to work on it.

We would likely need capture the debug logs of ISE sessions and posture components, besides AnyConnect DART bundles.

View solution in original post

hslai · ‎08-05-2018

You mentioned this happening randomly so please open a TAC case to work on it.

We would likely need capture the debug logs of ISE sessions and posture components, besides AnyConnect DART bundles.

mahadeer md ismail · ‎08-06-2018

Thanks and will work with TAC. One question, is ter any limitation for LB in ISE with this kind of scenario? Plz advice.