01-26-2023 04:52 AM
Using ISE 2.7 Patch 8
since we upgraded to the above patch I have noticed reauthentication from the Meraki Wireless AP taking longer to reauthenticate
Looking on ISE, I have noticed the following at the time the issue occurs
Received RADIUS Access-Request (step latency=22240 ms Step latency=22240 ms)
Trying to work out if the issue is with the access point or ISE
I am new to ISE as well, so can somone confirm what could be the reason for this long delay.
I am wondering is it packet loss from access point to the RADIUS server
01-26-2023 06:14 AM
What is the network path between the MR and ISE? What is the ID store?
01-26-2023 07:07 AM
The hops between the MRE and ISE is 8
This is effecting multiple offices, the only common factor is the ISE device is a data centre. Offices are connected via SD WAN to the data centre
As I am new to ISE, I assume the ID store is Active Directory
01-26-2023 07:36 AM
How do the resources on ISE look? What is your deployment type? Are you within the scale limits? https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html
01-26-2023 12:52 PM
If ISE PSNs are hosted on VMs, and if you have access to the VM Management, then perhaps look at a trend in CPU performance or disk IO activity. If the patch did some weird stuff then you're likely to spot it in historical trending. ISE also records its own performance but I prefer to see it from the hypervisor's perspective.
You could also see whether you have Session Resume enabled on your EAP-XXX protocols in ISE. That should eliminate some of the TLS overhead. And stateless session resume is also a nice performance tweak.
01-26-2023 01:36 PM - edited 01-26-2023 01:37 PM
We run ISE on a appliance box, Model is 3615, which meets the setup we have in terms of endpoints.
I ask this, we didnt have this issue before we applied patch 8
01-27-2023 10:07 PM
Hi @Abdulaziz Loonat ,
since you " ... didn't have this issue before we applied Patch 8 ... ", could please share the result of the following command:
ise/admin# show version history
Regards
02-04-2023 06:03 PM
@Abdulaziz Loonat : Take a look at README_Hotpatch_CSCwc74531_and_CSCwd45843.txt and consider apply it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide