Solved: This looks an issue with the endpoints and switch but Not related to Cisco ISE 2.2

jm.virtual01 · ‎04-26-2019

I am going through some strange issue on ISE 2.2. I have some special kind of monitors in my network. On this monitors, i have two NIC cards for two separate operation. I need to connect each NIC with the separate switch port. In short ,i need two separate switch port for the single monitor.

Now my question is that, i have multi-domain configured on the switch port and theoretically i have a single MAC on each switch port so this connected MAC should be as Static, is it correct?

On some ports, it is showing as a Dynamic and on the others, it is showing as a Static?

On the interface, where it is showing as Dynamic, i can not see any sessions on it.

Also in the logs, i can see the multiple queries for the authentication in every 2 to 5 minutes?

Does anyone has any suggestion?

hslai · ‎04-30-2019

You are correct that the two network interfaces usually have two different mac addresses. Please verify they are indeed two unique ones.

The fact that you are not seeing sessions would mean the switch interface not sensing an endpoint connected to it. One reason could be that the endpoint has the interface in disabled state.

I would suggest you to connect one interface at a time and see whether authenticated with a session and verify its mac address info. If somehow the mac address not unique, please check with the monitor vendor. If different switch interface ports giving different results when identically configured, please engage Cisco TAC support to troubleshoot the switch.

View solution in original post

hslai · ‎04-30-2019

You are correct that the two network interfaces usually have two different mac addresses. Please verify they are indeed two unique ones.

The fact that you are not seeing sessions would mean the switch interface not sensing an endpoint connected to it. One reason could be that the endpoint has the interface in disabled state.

I would suggest you to connect one interface at a time and see whether authenticated with a session and verify its mac address info. If somehow the mac address not unique, please check with the monitor vendor. If different switch interface ports giving different results when identically configured, please engage Cisco TAC support to troubleshoot the switch.