Last week we had one of our 6807XL crash on Thursday 10/10 (case # SR 687680740). As we were troubleshooting the issue with the 6807XL, we noticed some issues with ISE and WLC cluster not coming back up correctly after the crash. We have noticed event logs that are showing TrustSec errors communicating back to ISE. Can anyone advise on how to troubleshoot these specific errors? Any assistance would be greatly appreciated
Oct 14 13:37:16.181: %CTS-SW2-3-SXP_CONN_STATE_CHG_OFF: Connection <10.11.1.240, 10.99.3.2>-1 state changed from Pending_On to Off.
Oct 14 13:39:16.182: %CTS-SW2-3-SXP_CONN_STATE_CHG_OFF: Connection <10.11.1.240, 10.99.3.2>-1 state changed from Pending_On to Off.
Oct 14 13:41:16.183: %CTS-SW2-3-SXP_CONN_STATE_CHG_OFF: Connection <10.11.1.240, 10.99.3.2>-1 state changed from Pending_On to Off.
Oct 14 13:43:16.235: %CTS-SW2-3-SXP_CONN_STATE_CHG_OFF: Connection <10.11.1.240, 10.99.3.2>-1 state changed from Pending_On to Off.
There is ALSO errors on 67 DHCP on the core…this may need digging into as well…the SGTs change with these errors:
permit udp 67
^
% Invalid input detected at '^' marker.
Oct 14 13:48:54.738: %RBM-SW2-3-RBM_PARSE_ACE: Could not parse command for adding ACE 'permit udp 67' to IP Role-Based Access List 'Deny_All-80'
Oct 14 13:48:54.738: %CTS-SW2-3-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to install IP SGACL 'Deny_All-80' for SGT=292:EW189 due to ACE 'permit udp 67' error
Oct 14 13:48:54.785: %RBM-SW1_STBY-3-RBM_PARSE_CMD: Could not parse command. See command output and errors below
permit udp 67
^
% Invalid input detected at '^' marker.
Oct 14 13:48:54.785: %RBM-SW1_STBY-3-RBM_PARSE_ACE: Could not parse command for adding ACE 'permit udp 67' to IP Role-Based Access List 'Deny_All-80'
Oct 14 13:48:54.785: %CTS-SW1_STBY-3-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to install IP SGACL 'Deny_All-80' for SGT=292:EW189 due to ACE 'permit udp 67' error