01-18-2018 12:40 PM - edited 02-21-2020 10:43 AM
Hello,
I'm looking for some assistance with a problem I've been experiencing more lately.
We've been running ISE for a while now and have had very few issues, but recently there has been a few computers that don't seem to get granted full access to the network for whatever reason.
When the computer it turned on it's pingable, but no one can log into it. If you sign in as admin it says it's connected to "Network", has limited connectivity, and unable to browse to network drives. The computer will work fine if it's moved to a different switch stack. We've taken the ISE configuration off the port and then it connected fine. It seems like ISE is just quarantining the MAC address on that switch stack for that computer somewhere. I just don't know where to find it. Other workstations on that connection work fine. Everything appears to be normal when compared to other workstations.
We've also removed the entry right out of ISE, but it still continues when re-added.
Any ideas?
Thanks!
Solved! Go to Solution.
01-19-2018 07:00 AM
No they're not.
We found a temporary solution is to reboot the switch stack, we will see how long it lasts. Apparently there is a know bug with the version of software on the switch.
01-18-2018 01:12 PM
Are the auth requests hitting the ISE server? Are you able to see any errors in the details for authentication it can give you a better idea of why it is failing.
If you aren't getting any requests to ISE you might want to look on the switch stack to see if there are any stuck auth sessions (show auth session) for the device in question. In our deployment we noticed that a couple times there was a stuck session on a switch port and even if the device was moved to another port on the switch it wouldn't authenticate at all and wouldn't be connected to the network.
01-18-2018 03:23 PM
I can see successful authentications and there doesn't appear to be any stuck sessions.
01-19-2018 04:49 AM
Are the authentications failing? If so what is the error?
01-19-2018 07:00 AM
No they're not.
We found a temporary solution is to reboot the switch stack, we will see how long it lasts. Apparently there is a know bug with the version of software on the switch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide