09-19-2023 08:49 AM
Hi
I recently upgraded an ISE deployment from 2.7 patch 7 to 3.2 patch 3. One of the PSNs failed during the upgrade so I deregistered the node and manually installed 3.2 patch 3 before re-registering it with the deployment.
All services are working fine except for the following issue with External RADIUS Servers.
The PSNs are behind a load balancer - I confirmed with packet captures that I could see RADIUS traffic from the External RADIUS Servers to the PSN passing through the edge firewalls and the load balancer. This RADIUS traffic just seems to disappear!!
The deployment does have issues with External RADIUS Servers bugs like the one below.
https://bst.cisco.com/bugsearch/bug/CSCwb04566
Does the fact that the ISE TCP dumps show no sign of this RADIUS traffic definitively mean that the PSN isn't receiving it?
Thanks
Andy
09-19-2023 10:22 AM
Yes, I would anticipate this being an issue with the load balancer or firewalls.
09-20-2023 03:03 AM
Yes, it was the load balancer after all - the packet capture on the switch showed no sign of the traffic. All sorted now.
09-19-2023 10:54 AM
Thanks for the reply. It does sound like it given the lack of RADIUS traffic from the External RADIUS Servers in the TCP dump (RADIUS traffic from the load balancer and other NADs to the affected PSN is showing in the dumps and no changes have been made to the load balancer). The PSN is an appliance - I'll arrange a packet capture on its upstream switch to confirm if the traffic is actually reaching it.
Cheers
Andy