Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1070
Views
10
Helpful
2
Replies

Cisco ISE Citrix Netscaler Issue

pgiouvanellis
Level 1
Level 1

‎02-12-2020 06:12 AM

Hello everyone ,

 

We have a deployment with 2 PAN nodes and 4 PSN nodes .Also we have a citrix netscaler for Load Balancing 

of PSNs .

 

We facing an issue 2 days now . The issue is described below .

 

Suddenly some Switch are not able to send auth session to ISE servers , we perform TCP Dump to ISE Servers 

and it seems that we are not receiving packets from some Switches .

 

Also on Netscaler we notice also from packet capture that the packet is received to Netscaler but is not forwarded to Back-end Server (ISE) we are not able to find why .

 

Is someone had any similar issue on past and is able to give us any hint on these issue ?

 

Thank You ,

Palaiologos

 

 

 

 

0 Helpful
2 Replies 2

Damien Miller
VIP Alumni
VIP Alumni

‎02-12-2020 08:06 AM

I've had no shortage of issues with Netscaler's over the years, but in general they work find for ISE. Confirm that no one changed anything on the LB in the past few days, specifically around the MTU. A small change to enable jumbo frames can oten lead to broken radius flow when doing eap-tls.

I would engage Citrix support for this issue though since it's likely neither an ISE or switch problem if TCP dumps are showing packet loss on it.

Surendra
Cisco Employee
Cisco Employee

‎02-12-2020 09:07 AM

NetScaler by default has 5 MB of RAM allocated for RADIUS and TACACS and if the utilization goes overboard, then you will see NetScaler unable to process any further requests. I’ve learnt this very recently and would suggest you to check with NetScaler support.
Customers Also Viewed These Support Documents