https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4926467#M584140 <P>Yes, it was the loadbalancer after all - the packet capture on the switch showed no sign of the traffic. All sorted now</P> Wed, 20 Sep 2023 10:03:42 GMT andrewswanson 2023-09-20T10:03:42Z https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4925867#M584131 <P>Hi</P><P>I recently upgraded an ISE deployment from 2.7 patch 7 to 3.2 patch 3. One of the PSNs failed during the upgrade so I deregistered the node and manually installed 3.2 patch 3 before re-registering it with the deployment.</P><P>All services are working fine except for the following issue with External RADIUS Servers.</P><UL><LI>the 2 PSNs that successfully upgraded are working fine with the configured External RADIUS Servers - ISE TCP dumps show RADIUS traffic</LI><LI>the PSN that failed the upgrade does not respond to RADIUS requests from the External RADIUS Servers. The External RADIUS Servers report "No Reply" with this PSN. ISE TCP dumps show no RADIUS traffic from the External RADIUS Server but does show icmp. ISE RADIUS logs show nothing for this traffic.</LI><LI>the PSN that failed the upgrade works fine with all other RADIUS traffic</LI></UL><P>The PSNs are behind a loadbalancer - I confirmed with packet captures that I could see RADIUS traffic from the External RADIUS Servers to the PSN passing through the edge firewalls and the loadbalancer. This RADIUS traffic just seems to disappear!!</P><P>The deployment does have issues with External RADIUS Servers bugs like the one below.</P><P><A href="https://bst.cisco.com/bugsearch/bug/CSCwb04566" target="_blank">https://bst.cisco.com/bugsearch/bug/CSCwb04566</A></P><P>Does the fact that the ISE TCP dumps show no sign of this RADIUS traffic definitively mean that the PSN isn't receiving it?</P><P>Thanks<BR />Andy</P> Tue, 19 Sep 2023 15:49:37 GMT https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4925867#M584131 andrewswanson 2023-09-19T15:49:37Z https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4925919#M584132 <P>Yes, I would anticipate this being an issue with the load balancer or firewalls.</P> Tue, 19 Sep 2023 17:22:19 GMT https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4925919#M584132 ahollifield 2023-09-19T17:22:19Z https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4926023#M584135 <P>Thanks for the reply. It does sound like it given the lack of RADIUS traffic from the External RADIUS Servers in the TCP dump (RADIUS traffic from the loadbalancer and other NADs to the affected PSN is showing in the dumps and no changes have been made to the loadbalancer). The PSN is an appliance - I'll arrange a packet capture on its upstream switch to confirm if the traffic is actually reaching it.</P><P>Cheers</P><P>Andy</P> Tue, 19 Sep 2023 17:54:18 GMT https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4926023#M584135 andrewswanson 2023-09-19T17:54:18Z https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4926467#M584140 <P>Yes, it was the loadbalancer after all - the packet capture on the switch showed no sign of the traffic. All sorted now</P> Wed, 20 Sep 2023 10:03:42 GMT https://community.cisco.com/t5/network-access-control/ise-tcp-dump-query/m-p/4926467#M584140 andrewswanson 2023-09-20T10:03:42Z