07-06-2022 01:35 AM
Hello,
Has anybody had the experience that ODBC lookups might lead to "High Authentication Delay" on ISE PSN nodes?
And does anybody have a possible solution for that potential issue?
We have an ODBC connection to lookup MAC Addresses for NAC.
Yesterday we added a second ODBC server and configured an Identity Source Sequence.
After 1 hour PSN Nodes started to show "High Authentication Latency".
Even TACACS did not work anymore.
After removing the second ODBC server and resetting the connections on the load balancer, ISE is working normally again.
Not sure if TAC Case will lead to any result...
Best regards,
Steffen
07-06-2022 04:25 AM
07-06-2022 12:49 PM - edited 07-06-2022 12:52 PM
Hi steffen.bodensohn@heraeus.com ,
beyond what @Mohammed al Baqari said ... please go to Operations > RADIUS > Live Logs > click the Details icon (from any line that uses the ODBC Server) and take a look at the Steps Windows for any Step Latency:
Hope this helps !!!
07-07-2022 02:25 PM
Hi steffen.bodensohn@heraeus.com
It's been a while since I used ODBC in ISE - one comment back then from TAC was that when defining the ODBC Identity Sources, you should use IPv4 addresses, and not hostnames. Apparently ISE supports hostnames but it adds latency (and bugs?) so rather put an IP address in that field.
There was also some discussion that the failover didn't work as expected. So if you have some way to front-end the ISE->ODBC connection by using a load balancer, then that might be better than relying on ISE to perform the ODBC failover detection. Load balancer comes with its own fun and games (persistence).
07-08-2022 02:10 PM
Thanks to all your answers.
We investigated further with our partner and can confirm that a non-reachable ODBC server caused the latency issues. We are using ISE 3.0 Patch 5.
There seems to be no solution on ISE itself, but putting the DB behind a load balancer might be a feasible solution.
Best regards,
steffen
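
The replies above point at two places an ODBC lookup can lose time: name resolution and a server that does not answer. A probe that times both separately, as an added example that is not part of the original thread (the function names, timeout, budget and sample targets are assumptions; it checks TCP reachability only, not an ODBC login):

```python
import socket
import time

def probe(host, port, timeout=2.0):
    """Time name resolution and TCP connect separately for one backend."""
    r = {"host": host, "port": port, "resolve_ms": None,
         "connect_ms": None, "status": None}
    t0 = time.monotonic()
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        r["status"] = "resolve_failed"
        return r
    r["resolve_ms"] = (time.monotonic() - t0) * 1000
    t1 = time.monotonic()
    try:
        # A silently dropped SYN costs the full timeout; a refusal returns at once.
        with socket.create_connection(infos[0][4], timeout=timeout):
            r["status"] = "open"
    except socket.timeout:
        r["status"] = "timeout"
    except ConnectionRefusedError:
        r["status"] = "refused"
    except OSError:
        r["status"] = "unreachable"
    r["connect_ms"] = (time.monotonic() - t1) * 1000
    return r

def stalling(results, budget_ms=500):
    """Backends that are not open, or that used more than budget_ms in total."""
    flagged = []
    for r in results:
        total = (r["resolve_ms"] or 0) + (r["connect_ms"] or 0)
        if r["status"] != "open" or total > budget_ms:
            flagged.append((r["host"], r["port"], r["status"]))
    return flagged

if __name__ == "__main__":
    # Constructed targets: a local listener stands in for a healthy database,
    # and the same port after close() stands in for a server that is down.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    up = probe("127.0.0.1", port)
    srv.close()
    down = probe("127.0.0.1", port)
    print(up, down, stalling([up, down]), sep="\n")
```

Run against the real database address and port from a host on the same network path as the PSNs, a `timeout` status with `connect_ms` near the full timeout is the case that holds each lookup open, while `refused` fails fast.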