Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
1
Helpful
1
Replies

Cisco ISE 3.3

Jay233
Level 1
Level 1

‎07-30-2024 10:32 AM

Hi All,

Seeing / have a strange issue with upgrading ISE from 2.7 to 3.3, I've doing a like for like parallel upgrade and hit an issue with switch compatibility.

SWITCHES  - - CAT 9200 (IOS-17.3) work fine but CAT 2960 (IOS-12.55) and 2960x (IOS-15.2) switches seem to have issues with receiving CoA associated with AnyConnect posture compliance. Verified policy and authentication (machine auth) set is working as per original 2.7 deployment.

Any help would be very appreciated.   

 

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎07-30-2024 01:59 PM

If this is happening in your production environment, I hope you already have a TAC case open.  There should be no change to the CoA between 2.7 and 3.3 but I would start with a tcpdump on the PSN to see what ISE 3.3 is sending to the NAD, and also, whether the  NAD running 12.55 sends the ACK to ISE. Compare that with the same scenario of a NAD running IOS-XE 17.3. If you still have a 2.7 PSN running, do the same there and compare the captures. 12.55 is pretty ancient to be honest - perhaps a reboot will fix it, in the absence of any better advice.

Customers Also Viewed These Support Documents