Hey,
My ISE deployment has three PSNs in a AAA group on a WLC9800 where AAA group load balancing is enabled. This is working properly. Recently I added three new ISE PSNs (virtual appliances) to the existing ISE deployment and also to the AAA group on the WLC9800. I found that these three new ISE PSNs can process most of the authentication requests coming in (pre-shared key and portal-based authentication), but are not able to handle EAP-TLS wireless auth requests. The EAP-TLS auth requests are found to be handled by the three old ISE PSNs. I imported certificates from the internal root CA, so certificates should not be a problem. The error from ISE is as below:
Event | 5411 Supplicant stopped responding to ISE |
Failure Reason | 12931 Supplicant stopped responding to ISE after sending it the first EAP-TLS message |
Since I will decommission the three old ISE PSNs, I want to make the new ISE PSNs able to respond to EAP-TLS authentication requests.
Does anyone have experience with this situation?