With cisco ISE, ping host name in local network does not work.

M'Bouke Serge Cedric BESSE · ‎02-19-2014

I installed a Cisco ISE solution.

In some Windows 7 and Windows 8 users when the switch port is controlled by ISE, the NAC Agent is not displayed. After some research, we found that for these users, the resolution of the name of the local machine to the network does not work, but the resolution of Internet names work (eg yahoo.fr).

When the port of the machine is not controlled, everything works fine.

Anyone can help it?

blenka · ‎02-20-2014

Symptoms or Issue

•Unsuccessful RADIUS or AAA functions in Cisco ISE

•The NAD is unable to ping the Policy Service ISE node

Conditions

This scenario is applicable in a system in which Cisco ISE is configured to perform user authentication via an external RADIUS server on the network.

Possible Causes

The following are possible causes for losing connectivity with the RADIUS server:

•Network connectivity issue or issues

•Bad server IP address

•Bad server port

Resolution

If you are unable to ping the Policy Service ISE node from the NAD, try any or all of these possible solutions:

•Verify the NAD IP address

•Try using Traceroute and other appropriate "sniffer"-type tools to isolate the source of disconnection. (In a production environment, be cautious of overusing debug functions, because they commonly consume large amounts of available bandwidth and CPU, which can impact normal network operation.)

Check the Cisco ISE "TCP Dump" report for the given Policy Service ISE node to see if there are any indications.

sergebesse · ‎02-20-2014

the problem only happens for some users. everything works fine in others. This means that there is no problem of Radius or AAA. On NAD, users are connected in that it works very well.