This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi. I am stumped here and have been troubleshooting for 2 days now. We recently updated to ISE 188.8.131.52. Since the update, neither ISE is responding to radius requests. When both nodes are registered, only 1 of them is returning data on the dashboard. Sometimes the Primary admin node, sometimes the secondary. But it's not always the same one (See attached). I have tried deregistration of the nodes and re-registration. Nothing changes. Nobody can authenticate. I have also added the appliances to the AD domain. I have tried to reset the M&T database with no change.
Any help will be appreciated.
So, did you look though the upgrade guide, and check the stuff about nic's on 3415 ? It could be ISE is confused about what interface it is running on.
The order in which Network Interface Cards (NICs) are connected to Cisco UCS SNS 3415 and Cisco UCS SNS 3495, and IBM Cisco ISE 3315 appliances may affect the upgrade to ISE 1.4. You should ensure that a pre-upgrade check is performed, followed by sequencing of the NICs. Perform a pre-upgrade check of NICs for UCS and IBM Appliances to ensure that Ports eth0 and eth1 should be used for Intel NICs on UCS appliances and, ports eth2 and eth3 should be used for Broadcom NICs on IBM appliances. Refer to the Sequence Network Interface Cards (NICs) for UCS and IBM Appliances section in the Cisco Identity Services Engine Upgrade Guide, Release 1.4.
> I realise this should only be for ise 1.2 or 1.2.1 upgrade straight to 1.4
I did see that, and I thought it would not be applicable because we were upgrading from 1.3.x. How do I know which appliance we have? UCS or IBM? See the output from show inventory below.
ise02/admin# sh inventory
NAME: "SNS-3415-K9 chassis", DESCR: "SNS-3415-K9 chassis"
PID: SNS-3415-K9 , VID: A , SN: FCH1809V1TV
Total RAM Memory: 16307676 kB
CPU Core Count: 4
CPU 0: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 1: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 2: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 3: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
Hard Disk Count(*): 1
Disk 0: Device Name: /dev/sda
Disk 0: Capacity: 599.00 GB
Disk 0: Geometry: 255 heads 63 sectors/track 72824 cylinders
NIC Count: 4
NIC 0: Device Name: eth0
NIC 0: HW Address: 74:26:AC:5B:35:F4
NIC 0: Driver Descr: Intel(R) Gigabit Ethernet Network Driver
NIC 1: Device Name: eth1
NIC 1: HW Address: 74:26:AC:5B:35:F5
NIC 1: Driver Descr: Intel(R) Gigabit Ethernet Network Driver
NIC 2: Device Name: eth2
NIC 2: HW Address: 00:0A:F7:29:99:98
NIC 2: Driver Descr: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
NIC 3: Device Name: eth3
NIC 3: HW Address: 00:0A:F7:29:99:9A
NIC 3: Driver Descr: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
(*) Hard Disk Count may be Logical.
EDIT: I see now 34xx are UCS. :-)
Thanks for your assistance Jan. But I have rolled back to 1.3.0876 and with the same configuration, all works well. Thanks again
Hi Stuart. My ISE also stopped responding to RADIUS after the upgrade to 1.4. I did not find a solution. I rolled back to 184.108.40.2066. All is working well now.
I guessing I was affected by the bug below even though I was doing an upgrade from a new 1.3 to 1.4. Doing a clean build from the 1.4 iso has fixed the issue.