Re: Cisco ISE DACL download failed

ibrahim_hassan · ‎12-22-2015

Hello,

we have ISE 1.4 patch 4 , suddenly all switches in WAN can't download DACL and then put the use in Authz failed.

this issue didn't happened in LAN.

Also we tried to decrease the lines of ACL to 22 lines and then it is working , but it was working before with 56 lines without any problem (also, the LAN switches still working with 56 lines).

Dec 22 2015 09:55:21.278: %EPM-6-AAA: POLICY xACSACLx-565d4aa9| EVENT DOWNLOAD-REQUEST
Dec 22 2015 09:55:35.220: %RADIUS-4-RADIUS_DEAD: RADIUS server x.x.x.x:1812,1813 is not responding.
Dec 22 2015 09:55:35.220: %RADIUS-4-RADIUS_ALIVE: RADIUS server x.x.x.x:1812,1813 is being marked alive.
Dec 22 2015 09:55:40.455: %EPM-6-AAA: POLICY xACSACLx565d4aa9| EVENT DOWNLOAD-FAIL

from the tcpdump in the PSN node , we can see the packet it fragmented before leaving ISE.

Is there anyone faced this issue?

Thanks,

Ibrahim

nspasov · ‎12-23-2015

Can you provide some more info:

1. What are you referring to when you say LAN vs WAN

2. What are the switch models and version of code that they are running

3. Output from the following commands:

show sdm prefer

show platform tcam utilization

show mac address-table count | i Total

Thank you for rating helpful posts!

Burhan Kara · ‎12-26-2017

Hi there, we have the same issue, did you solve the problem? Thanks.

Mohammed al Baqari · ‎12-26-2017

Have you enabled ip device tracking