Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2301
Views
0
Helpful
2
Replies

Ise redirection issue and pc not getting ip

Go to solution
rajaayman
Level 1
Level 1

‎05-10-2020 01:12 PM

 

 

HI All 

 

Please find the attached config 

 

Pc is not getting the ip address 

while opening the redirection url getting the below error 

 

https://ise-01.rl.local:8443/portal/gateway?sessionId=8E6440FE0000001100DFAF7D&portal=f189d6e0-7159-11e7-a355-005056aba474&action=cpp&token=532321dee0ba8b1a8497a0230d13ea70

 

[ 400 ] Bad Request

The request is invalid due to malformed syntax or invalid data.

Possible cause is unknown, invalid, or terminated RADIUS session ID. Please advise the System Admin to consult the logs and ensure that the RADIUS session was not generated by a different PSN or due to a deny access policy match.

 

i have attached the config below 

 

ise version is 

ersion information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version : 2.4.0.357
Build Date : Thu Mar 22 19:01:26 2018
Install Date : Sun May 10 10:26:07 2020

 

Preview file
38 KB
Preview file
3 KB
Preview file
50 KB
Preview file
7 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to rajaayman

‎05-10-2020 04:31 PM

From the switch config, it looks like you have 'ip dhcp snooping trust' configured on the client port rather then the trunk port. This command should be removed from the client port and configured on the the trunk port where the response from your upstream DHCP server will be seen.

Also be sure you have an 'ip helper-address' configured on the upstream L3 interface if your DHCP server is on a different subnet.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
rajaayman
Level 1
Level 1

‎05-10-2020 01:40 PM

Portal is working after  recreating the certificate  but the machine is not getting ip i have given static ip it works 

 

Please can any open help on ip past 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to rajaayman

‎05-10-2020 04:31 PM

From the switch config, it looks like you have 'ip dhcp snooping trust' configured on the client port rather then the trunk port. This command should be removed from the client port and configured on the the trunk port where the response from your upstream DHCP server will be seen.

Also be sure you have an 'ip helper-address' configured on the upstream L3 interface if your DHCP server is on a different subnet.

0 Helpful
Customers Also Viewed These Support Documents