Re: No authentication request from switch to ISE

welmjendel · ‎08-24-2017

hi Guys,

I faced a problem with our ISE ; when i changed the ip address of our ISE, there is no authentication request from switch and there is no log to troubleshoot.

FYI: i changed the ip address on the switch.

Regards,

Rob Ingram · ‎08-24-2017

Hi,

Is there basic network connectivity between the switch and ISE server? Can you ping the ISE servers's new ip address from the switch?

Run show aaa server on the switch and see if the radius server is alive or dead

welmjendel · ‎08-24-2017

thank you for your response!

yes i can ping the ise from Switch ; there is no issue of connectivity.

Rob Ingram · ‎08-24-2017

What is the output of the show aaa server command? Is the radius server marked alive or dead? Is this issue just on one switch or all switches?

Can you run a test authentication using the command test aaa group radius server.... you'll have to fill in the ip address of your ise server and username etc in order to run the command. What is then displayed in the ISE logs?

Mohammed al Baqari · ‎08-26-2017

Additionally, when you ping are you using source interface as your radius source.

Also, if you debug radius authen are you seeing request without response.?

kussriva · ‎08-28-2017

Hi welmjendel,

When you enter the new IP in the switch config, re-enter the shared key as well. Now run the test aaa group radius command and see if the server comes back up.

Thanks & Regards,

Kushagra Srivastava
Cisco PDI
http://www.cisco.com/go/pdi