cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

6791
Views
35
Helpful
23
Replies
Highlighted
Enthusiast

Hi JC,

Hi JC,

a dedicated interface is used. I guess it's less complex and not consider any access switches. Drawback of course is, that one interface is "lost" :)

Highlighted
Beginner

Hi Johannes,

Hi Johannes,

Thanks, I agree and one interface on the 6880's are quite a loss/expensive...

We do not have that but I have seen instability with not having that. We make use of the FEX's for dual-active detection, but that is not such a great idea, and now we do not have any open/spare interfaces for that purpose.

Ciao

JC

Highlighted
Cisco Employee

Would you mind sharing some

Would you mind sharing some of the gotcha's? We're running 15.1(2)SY6 on a 6880-X-LE.

The machine will get an auth success, then the user will get an auth success. We've verified that the switch is downloading the correct dACL from ISE and applying it to the port.

show authentication sessions interface <interface-id>

show ip access-list interface <interface-id>

Most of the resources are available but filing sharing is working sporadically. If the user logs out and then logs back in, the same dACL is applied to the port and all of the shares are visible to the user, which is not expected behavior.

The issue version appears to be meet the minimum requirements for ISE 2.1, but it is not the recommended code for the 6880's listed in the ISE 2.1 compatibility matrix guide. Did you experience this issue? Are there any reasons you deployed the ISE recommended version of the switch recommended version?

Thank you.

Joe

Highlighted
Beginner

Hi JC,

Hi JC,

Hope your well.

Please need your help on below issue.

Everything working for two months than after more users added in that switch we got weird issue.

ISE is making problem on random ports using 6800 using Version 15.2(1)SY3.

we got almost 960 ports up in which 700 of them are using phones and pcs means dot1x needs to work for (700 x 2)+ 200 = 1600 DACL.

Kindly need your words on this

thanks

MH

Highlighted
Enthusiast

Sorry ... this question is

Sorry ... this question is kinda out-of-topic for this thread. Would you mind opening an own thread for this?

(Btw. more information would be good for the new topic. The provided information is not enough ["weird issue"]). But by the number of dACLs  ... are you sure you're not running into TCAM issues?

But again - please open a new thread for this!

Highlighted
Beginner

Thanks for your quick

Thanks for your quick response !

I have opened a new thread kindly let me know about your thoughts!

thanks

MH

Highlighted
Beginner

6880 ISE ISSUE 15.2 SY3

6880 ISE ISSUE 15.2 SY3

Highlighted
Beginner

Re: Hi,

RACL?
Is it Router or Redirection ACL?
Highlighted
Beginner

Re: Hi,

RACL?
Is it Router or Redirection ACL?