cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
657
Views
0
Helpful
8
Replies

6880 ISE ISSUE 15.2 SY3

misbah.hassan1
Level 1
Level 1

HI ALL,

I am facing an issue with 6800 X-LE with version 15.2 SY3 

We deployed 6800 X-LE two months ago and everything works fine and last week when we added more users we start facing issues mentioned below:

1: User got authenticated and ip address is assigned but server policies and resultant policies are empty and user cannot access anything.

sh authentication sessions interface g111/1/0/1 p
Interface: GigabitEthernet111/1/0/1
MAC Address: accc.8e1b.fe41
IPv6 Address: Unknown
IPv4 Address: 10.51.21.47
User-Name: AC-CC-8E-1B-FE-41
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A3C035E00011DBA0F4E3284
Acct Session ID: 0x00020CDB
Handle: 0x2B000588
Current Policy: POLICY_Gi111/1/0/1

Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:

Resultant Policies:

Method status list:
Method State
dot1x Stopped
mab Authc Success

2: User got authenticated and ip address is assigned along with server policies and resultant policies but user is too slow to work means he cannot access some resources ( profile , internet etc)

sh authentication sessions interface g111/1/0/1 p
Interface: GigabitEthernet111/1/0/1
MAC Address: accc.8e1b.fe41
IPv6 Address: Unknown
IPv4 Address: 10.51.21.47
User-Name: AC-CC-8E-1B-FE-41
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A3C035E00011DBA0F4E3284
Acct Session ID: 0x00020CDB
Handle: 0x2B000588
Current Policy: POLICY_Gi111/1/0/1

Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:
ACS ACL: xACSACLx-IP-dmg-permit-all-ACL-532c1ef5

Resultant Policies:
ACS ACL: xACSACLx-IP-dmg-permit-all-ACL-532c1ef5

Method status list:
Method State
dot1x Stopped
mab Authc Success

3: User got authenticated and ip address is assigned along with server policies and resultant policies but user is too slow to work means he cannot access some resources ( profile ) but internet is working fine.

TEMP SOLUTION: 

Delete dot1x commands and add again it works then after some time other user got the same issue.

I have checked TCAM TABLE  and found TCAM B BANK 0 AND 1 are utilized heavily but i am not sure if it is making a problem?

#show platform software acl tcam count
Showing TCAM counts
Total Used Free
=======+=======+=======
TCAM A Bank 0 16384 4092 12292
TCAM A Bank 1 16384 25 16359
TCAM B Bank 0 16384 16355 29
TCAM B Bank 1 16384 16358 26

QoS TCAM
========
Total Used Free
=======+=======+=======
TCAM A Bank 0 16384 4092 12292

RBACL Entries
=============
Total Used Free
=======+=======+=======
DGT_SGT Region 0 0 0
ANY_ANY Region 0 0 0


Labels
======
Total Used Free
-------------------------+-------+-------
TCAM A 8192 679 7513
TCAM B 8192 1470 6722


MISC
====
Total Used Free
------------------------+-------+-------
LOU 208 4 204
ANDOR 16 0 16
IPv6 Ext Hdr Flags 16 0 16
Accounting Table 4096 64 4032
Ethertype Cam 16 0 16
Destinfo (IN) 512 4 508
Destinfo (OUT) 512 15 497

8 Replies 8

andrewswanson
Level 7
Level 7

How old is the 6800 X-LE ? They used to ship with 2G memory (they now ship with 4G). I'd heard there were some scaling issues when the 6800 X-LE  has 2G memory.

Andy

Hi Andy,

They came with 2GB memory! and we are using 930 ports in which almost 700 ports are with phone and pc and 200 for services.

MH

There is a memory upgrade path for the 6800 X-LE. The part number is c6880-x-le-memkit= which contains 2x2G memory (one of these kits is required per chassis) - as far as I'm aware the part is free.

It would be worth contacting TAC to get them to confirm whether this upgrade would help with the scaling issue you are seeing.

hth

Andy

Actually memory doesn't show above than 61 percent .

It is something related with ISE or hardware capabilities with dot1x?

It is related to Instant Access. When I deployed IA last year I heard that there could be scaling issues with the 2G 6800 X-LE which is how I found out about the memory upgrade.

hth

Andy

There is some as it was working fine for two months and then last weekend we added more users and this issue starts!

it must be scaling issue!

Yes, it could be. Check with TAC first - the part is still listed as being free on GPL.

hth

Andy

I will definitely ask for memory increased once we fixed this issue

if you find any solution for this please let me know

Thanks Andy !