04-16-2019 05:15 PM
I have cisco ise 2.2 in our network. I have an issue with one switch stack in ISE, initially i have an error message in the live logs for this switch stack. The error message was "#CTSREQUEST#". I solved it by reapplying the PAC keys but after this, once i have successful connection between ISE ans switch but then after, i got another error message, the error message is "CTS TEST SERVER". I have no clue for this error message.
The another issue is with the authentication, i can not see any dot1x session from this switch. There is no any failure logs in the live logs on ISE or on Switch as well. Only mab authentication will happen successfully. The switch port configuration look fine and i am using multi domain authentication. I have one phone and PC connected on the interface. The phone can authenticate successfully through mab but not PC.
The PC should authenticate through dot1x but not.
when i hit the sh authentication session int x/x command, i can see only mab session, not dot1x. Can not see any auth or Unauth dot1x session.
Solved! Go to Solution.
04-22-2019 10:28 PM
Please open a TAC case if this is still an issue. This forum is to help solve simple configuration issue, understand design or for deployment related questions etc. This forum is not meant for deep dive troubleshooting.
-Krishnan
04-16-2019 05:23 PM
04-16-2019 06:29 PM
No. If the PC is directly connected to the switch. There is no active session on that interface.
04-16-2019 09:29 PM
04-17-2019 05:29 AM
i can ping from the switch where i am facing the issue with the following command,
ping x.x.x.x size 1500
so mtu size is not an issue, i believe so
Are there any commands to check the connectivity between ISE to networking device ? I want to check the radius server status. I can ping all my server from the switch.
04-17-2019 07:05 AM
If you are using EAP-TLS and there is a GRE tunnel between the switch and the ISE PSNs then you could be running into fragmentation drops if your PSNs are behind an F5 load balancer. F5 documents this issue here:
https://support.f5.com/csp/article/K17102
04-17-2019 07:55 AM
i am using the tunnel. F5 is not in this picture.
04-17-2019 09:15 AM
Are there any commands to check the connectivity between ISE and switch? I want to test the communication between switch and ISE.
04-22-2019 10:28 PM
Please open a TAC case if this is still an issue. This forum is to help solve simple configuration issue, understand design or for deployment related questions etc. This forum is not meant for deep dive troubleshooting.
-Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide