Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
710
Views
2
Helpful
3
Replies

ISE TCP Dump query

Go to solution
andrewswanson
Level 7
Level 7

‎09-19-2023 08:49 AM

Hi

I recently upgraded an ISE deployment from 2.7 patch 7 to 3.2 patch 3. One of the PSNs failed during the upgrade so I deregistered the node and manually installed 3.2 patch 3 before re-registering it with the deployment.

All services are working fine except for the following issue with External RADIUS Servers.

  • the 2 PSNs that successfully upgraded are working fine with the configured External RADIUS Servers - ISE TCP dumps show RADIUS traffic
  • the PSN that failed the upgrade does not respond to RADIUS requests from the External RADIUS Servers. The External RADIUS Servers report "No Reply" with this PSN. ISE TCP dumps show no RADIUS traffic from the External RADIUS Server but does show icmp. ISE RADIUS logs show nothing for this traffic.
  • the PSN that failed the upgrade works fine with all other RADIUS traffic

The PSNs are behind a loadbalancer - I confirmed with packet captures that I could see RADIUS traffic from the External RADIUS Servers to the PSN passing through the edge firewalls and the loadbalancer. This RADIUS traffic just seems to disappear!!

The deployment does have issues with External RADIUS Servers bugs like the one below.

https://bst.cisco.com/bugsearch/bug/CSCwb04566

Does the fact that the ISE TCP dumps show no sign of this RADIUS traffic definitively mean that the PSN isn't receiving it?

Thanks
Andy

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ahollifield
VIP
VIP

‎09-19-2023 10:22 AM

Yes, I would anticipate this being an issue with the load balancer or firewalls.

View solution in original post

3 Replies 3

Go to solution
ahollifield
VIP
VIP

‎09-19-2023 10:22 AM

Yes, I would anticipate this being an issue with the load balancer or firewalls.

Go to solution
andrewswanson
Level 7
Level 7
In response to ahollifield

‎09-20-2023 03:03 AM

Yes, it was the loadbalancer after all - the packet capture on the switch showed no sign of the traffic. All sorted now

0 Helpful

Go to solution
andrewswanson
Level 7
Level 7

‎09-19-2023 10:54 AM

Thanks for the reply. It does sound like it given the lack of RADIUS traffic from the External RADIUS Servers in the TCP dump (RADIUS traffic from the loadbalancer and other NADs to the affected PSN is showing in the dumps and no changes have been made to the loadbalancer). The PSN is an appliance - I'll arrange a packet capture on its upstream switch to confirm if the traffic is actually reaching it.

Cheers

Andy

0 Helpful
Customers Also Viewed These Support Documents