07-08-2015 01:24 AM - edited 03-12-2019 05:46 PM
Hi. I am stumped here and have been troubleshooting for 2 days now. We recently updated to ISE 1.4.0.253. Since the update, neither ISE is responding to radius requests. When both nodes are registered, only 1 of them is returning data on the dashboard. Sometimes the Primary admin node, sometimes the secondary. But it's not always the same one (See attached). I have tried deregistration of the nodes and re-registration. Nothing changes. Nobody can authenticate. I have also added the appliances to the AD domain. I have tried to reset the M&T database with no change.
Any help will be appreciated.
07-08-2015 02:15 AM
What version did you upgrade from ? Are you on physical appliances, if yes, which ones ?
07-08-2015 02:19 AM
07-08-2015 02:27 AM
So, did you look though the upgrade guide, and check the stuff about nic's on 3415 ? It could be ISE is confused about what interface it is running on.
The order in which Network Interface Cards (NICs) are connected to Cisco UCS SNS 3415 and Cisco UCS SNS 3495, and IBM Cisco ISE 3315 appliances may affect the upgrade to ISE 1.4. You should ensure that a pre-upgrade check is performed, followed by sequencing of the NICs. Perform a pre-upgrade check of NICs for UCS and IBM Appliances to ensure that Ports eth0 and eth1 should be used for Intel NICs on UCS appliances and, ports eth2 and eth3 should be used for Broadcom NICs on IBM appliances. Refer to the Sequence Network Interface Cards (NICs) for UCS and IBM Appliances section in the Cisco Identity Services Engine Upgrade Guide, Release 1.4.
> I realise this should only be for ise 1.2 or 1.2.1 upgrade straight to 1.4
07-08-2015 02:39 AM
I did see that, and I thought it would not be applicable because we were upgrading from 1.3.x. How do I know which appliance we have? UCS or IBM? See the output from show inventory below.
ise02/admin# sh inventory
NAME: "SNS-3415-K9 chassis", DESCR: "SNS-3415-K9 chassis"
PID: SNS-3415-K9 , VID: A , SN: FCH1809V1TV
Total RAM Memory: 16307676 kB
CPU Core Count: 4
CPU 0: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 1: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 2: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
CPU 3: Model Info: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
Hard Disk Count(*): 1
Disk 0: Device Name: /dev/sda
Disk 0: Capacity: 599.00 GB
Disk 0: Geometry: 255 heads 63 sectors/track 72824 cylinders
NIC Count: 4
NIC 0: Device Name: eth0
NIC 0: HW Address: 74:26:AC:5B:35:F4
NIC 0: Driver Descr: Intel(R) Gigabit Ethernet Network Driver
NIC 1: Device Name: eth1
NIC 1: HW Address: 74:26:AC:5B:35:F5
NIC 1: Driver Descr: Intel(R) Gigabit Ethernet Network Driver
NIC 2: Device Name: eth2
NIC 2: HW Address: 00:0A:F7:29:99:98
NIC 2: Driver Descr: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
NIC 3: Device Name: eth3
NIC 3: HW Address: 00:0A:F7:29:99:9A
NIC 3: Driver Descr: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
(*) Hard Disk Count may be Logical.
EDIT: I see now 34xx are UCS. :-)
07-10-2015 04:00 AM
Thanks for your assistance Jan. But I have rolled back to 1.3.0876 and with the same configuration, all works well. Thanks again
Regards
Andre
07-13-2015 03:25 AM
Hi Andre,
I'm having a problem with radius on a new 1.4 installation. Did you find a solution to your problem?
Thanks
Stuart
07-13-2015 03:29 AM
Hi Stuart. My ISE also stopped responding to RADIUS after the upgrade to 1.4. I did not find a solution. I rolled back to 1.3.0.876. All is working well now.
Regards
Andre
07-13-2015 11:59 PM
Hi,
I guessing I was affected by the bug below even though I was doing an upgrade from a new 1.3 to 1.4. Doing a clean build from the 1.4 iso has fixed the issue.
07-16-2015 05:59 AM
Thanks Stuart. Much appreciated
07-08-2015 02:29 AM
Also, do you have your ISE nodes seperated by firewalls/access lists ?
07-08-2015 02:34 AM
NO Firewalls or ACL's
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: