cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

349
Views
15
Helpful
4
Replies
Highlighted

Non-existent ISE node

Hello,

 

How to remove non-existent ISE node from CST Server List?

 

It is was test server for pre producation tests, but now is stoped (and deleted).

 

sh cts server-list
CTS Server Radius Load Balance = ENABLED
Method = least-outstanding
Batch size = 50
Ignore preferred server
Server Group Deadtime = 20 secs (default)
Global Server Liveness Automated Test Deadtime = 20 secs
Global Server Liveness Automated Test Idle Time = 60 mins
Global Server Liveness Automated Test = ENABLED (default)

Installed list: CTSServerList1-0001, 1 server(s):
*Server: 10.0.15.160, port 1812, A-ID ...
Status = DEAD
auto-test = TRUE, keywrap-enable = FALSE, idle-time = 60 mins, deadtime = 20 secs
show aaa servers

RADIUS: id 1, priority 1, host 10.0.15.2, auth-port 1812, acct-port 1813
     State: current UP, duration 455204s, previous duration 0s
     Dead: total time 23883s, count 13
     Quarantined: No
     Authen: request 132723, timeouts 190, failover 0, retransmission 144
             Response: accept 205, reject 65007, challenge 67321
             Response: unexpected 14, server error 0, incorrect 0, time 39ms
             Transaction: success 132533, failure 46
             Throttled: transaction 0, timeout 0, failure 0
     Author: request 4823, timeouts 19, failover 0, retransmission 16
             Response: accept 4804, reject 0, challenge 0
             Response: unexpected 0, server error 0, incorrect 0, time 31ms
             Transaction: success 4804, failure 3
             Throttled: transaction 0, timeout 0, failure 0
     Account: request 85729, timeouts 2554, failover 0, retransmission 1934
             Request: start 198, interim 0, stop 186
             Response: start 195, interim 0, stop 186
             Response: unexpected 16, server error 0, incorrect 0, time 22ms
             Transaction: success 83175, failure 620
             Throttled: transaction 0, timeout 0, failure 0
     Elapsed time since counters last cleared: 3w5d1h26m
     Estimated Outstanding Access Transactions: 0
     Estimated Outstanding Accounting Transactions: 0
     Estimated Throttled Access Transactions: 0
     Estimated Throttled Accounting Transactions: 0
     Maximum Throttled Transactions: access 0, accounting 0
     Requests per minute past 24 hours:
             high - 14 hours, 2 minutes ago: 42
             low  - 22 hours, 16 minutes ago: 0
             average: 7
show cts env
CTS Environment Data
====================
Current state = COMPLETE
Last status = Successful
Local Device SGT:
  SGT tag = 0-00:Unknown
Server List Info:
Installed list: CTSServerList1-0001, 1 server(s):
 *Server: 10.0.15.160, port 1812, A-ID ...
          Status = DEAD
          auto-test = TRUE, keywrap-enable = FALSE, idle-time = 60 mins, deadtime = 20 secs
Multicast Group SGT Table:
Security Group Name Table:
    0-60:Unknown

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

There are a couple other pieces you may have to clean up then.  On ISE, check if there are defined AAA CTS Servers and remove 10.0.15.160 if present. In the switch config you might also still have the aaa authorization credential-download command defined, as well as the cts authorization command. 
image.png

 

View solution in original post

4 REPLIES 4
Highlighted
VIP Advisor

Have you tried the command "clear cts environment-data" 

Highlighted

Hello,

 

 yes, it is not work.

 

 According to the architecture, where is this information stored on the switch or ISE server?

Highlighted

There are a couple other pieces you may have to clean up then.  On ISE, check if there are defined AAA CTS Servers and remove 10.0.15.160 if present. In the switch config you might also still have the aaa authorization credential-download command defined, as well as the cts authorization command. 
image.png

 

View solution in original post

Highlighted

Hello, Thank you. It is was my issue. How can I forget about the server list?..

Screenshot 2020-10-18 114741.jpg

Content for Community-Ad