Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
4
Replies

ISE limiting computers network connectivity

Go to solution
BoBo1
Level 1
Level 1

‎01-18-2018 12:40 PM - edited ‎02-21-2020 10:43 AM

Hello,

I'm looking for some assistance with a problem I've been experiencing more lately.

 

We've been running ISE for a while now and have had very few issues, but recently there has been a few computers that don't seem to get granted full access to the network for whatever reason.

 

When the computer it turned on it's pingable, but no one can log into it. If you sign in as admin it says it's connected to "Network", has limited connectivity, and unable to browse to network drives. The computer will work fine if it's moved to a different switch stack. We've taken the ISE configuration off the port and then it connected fine. It seems like ISE is just quarantining the MAC address on that switch stack for that computer somewhere. I just don't know where to find it. Other workstations on that connection work fine. Everything appears to be normal when compared to other workstations. 

 

We've also removed the entry right out of ISE, but it still continues when re-added.

 

Any ideas?

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
BoBo1
Level 1
Level 1
In response to Ben Walters

‎01-19-2018 07:00 AM

No they're not.

We found a temporary solution is to reboot the switch stack, we will see how long it lasts. Apparently there is a know bug with the version of software on the switch.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ben Walters
Level 3
Level 3

‎01-18-2018 01:12 PM

Are the auth requests hitting the ISE server? Are you able to see any errors in the details for authentication it can give you a better idea of why it is failing.  

 

If you aren't getting any requests to ISE you might want to look on the switch stack to see if there are any stuck auth sessions (show auth session) for the device in question. In our deployment we noticed that a couple times there was a stuck session on a switch port and even if the device was moved to another port on the switch it wouldn't authenticate at all and wouldn't be connected to the network.

0 Helpful

Go to solution
BoBo1
Level 1
Level 1
In response to Ben Walters

‎01-18-2018 03:23 PM

I can see successful authentications and there doesn't appear to be any stuck sessions.

0 Helpful

Go to solution
Ben Walters
Level 3
Level 3
In response to BoBo1

‎01-19-2018 04:49 AM

Are the authentications failing? If so what is the error?

0 Helpful

Go to solution
BoBo1
Level 1
Level 1
In response to Ben Walters

‎01-19-2018 07:00 AM

No they're not.

We found a temporary solution is to reboot the switch stack, we will see how long it lasts. Apparently there is a know bug with the version of software on the switch.

0 Helpful
Customers Also Viewed These Support Documents