Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
227
Views
1
Helpful
8
Replies

Some WLC Showing Cisco ISE is in DEAD State

poornakumar
Level 1
Level 1

‎09-09-2024 09:35 PM

Hi Team,

In our deployment some wlc is showing cisco ise is in dead state but still traffic get forward.so what could be the possibl reason for that wlc's to mark ise as dead and in the same deployment other wlc are working fine and for dot1x we have configure with VIP that is working fine but for guest portal authentication we are facing this issue for guest real radius server ip is configured in wlc.

0 Helpful
8 Replies 8

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-09-2024 09:41 PM

Is the WLC a 9800?

0 Helpful

poornakumar
Level 1
Level 1
In response to Leo Laohoo

‎09-09-2024 09:43 PM

yup correct..

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to poornakumar

‎09-10-2024 12:36 AM

Is the controller on 17.9.x?

0 Helpful

poornakumar
Level 1
Level 1

‎09-09-2024 09:52 PM

Hi Team,

In our deployment some wlc is showing cisco ise is in dead state but still traffic get forward.so what could be the possibl reason for that wlc's to mark ise as dead and in the same deployment other wlc are working fine and for dot1x we have configure with VIP that is working fine but for guest portal authentication we are facing this issue for guest real radius server ip is configured in wlc.

0 Helpful

ammahend
VIP
VIP
In response to poornakumar

‎09-09-2024 10:10 PM

not sure if I follow your question completely, but if you are having issue with Guest issues through ISE then follow this step by step guide and let me know at what stage are you failing

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220852-troubleshoot-central-web-authentication.html#toc-hId-1441757191

 

-hope this helps-
0 Helpful

MHM Cisco World
VIP
VIP
In response to poornakumar

‎09-10-2024 01:03 AM - edited ‎09-10-2024 01:08 AM

friend it simple 
WLC mark ISE dead when 
1- it not response to test packet
2-it slow response to authc packet <<- this case you face with wlc 
in ISE authc detail see if there is any latency 
if there is share the authc detail  

MHM

0 Helpful

poornakumar
Level 1
Level 1
In response to MHM Cisco World

‎09-12-2024 07:52 AM

Hi 

Thanks for the reply.

We have find that the traffic is going to old LB in our deployment but the traffic need to pass through new LB.After removing the old LB and configure the new LB it is working fine.

regards,

poornakumar

Arne Bier
VIP
VIP

‎09-10-2024 12:55 AM

IIRC there are two parts of the "show aaa servers" command that show DEAD. One is the overall IP address, and the other is the SMD (Session Manager Daemon) - I never understood how it works. If you find out how to interpret the "show aaa servers" command let us know. I have seen cases where I had to "jump start" the Catalyst aaa radius processing (when it was DEAD) by sending test aaa group commands.

0 Helpful
Customers Also Viewed These Support Documents