Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
237
Views
0
Helpful
3
Replies

ANC correlation error

Go to solution
Suptech
Level 1
Level 1

‎11-12-2025 02:19 PM

Hi,

I have my FMC running 7.7 version integrated with ISE using pxGrid and the tests return successful connection with ISE. After configuring a ANC correlation rule to quarantine the source endpoint with ISE I get this error in the "Correlation Status" logs: "Unknown error processing ISE command, view error logs for details"

The integration was working until it stopped working suddenly.

Any idea?

Regards,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Suptech
Level 1
Level 1
In response to Suptech

‎11-16-2025 04:12 PM

I finally fixed it. The issue was on the device-tracking IP policy in the switch which was not enabled so ISE was not aware of the IP of the endpoint and couldn't apply any ANC policy. Configured the device-tracking policy and right after started seeing the IP when running the "show auth sess int X det" command. FMC correlation policy working back.

 

Thanks

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ben Weber
Level 1
Level 1

‎11-12-2025 07:04 PM

Given that the issue only occurred after configuring the ANC rule, it is likely an issue with a policy mismatch in ISE or the service not being available.

Have you confirmed the policy name matches in ISE and that ANC is configured in ISE?

- BW
Please rate posts if they have been helpful.
0 Helpful

Go to solution
Suptech
Level 1
Level 1
In response to Ben Weber

‎11-16-2025 03:25 PM

Hi,

I have reconfigured the integration between FMC and ISE using the new mode. Recreated the ANC policy in ISE and recreated the FMC instance but the issue persists. In the policy set there is no match in the exception rules where the ANC is applied. I'll try to get some info from the debug logs in ISE.

 

Regards

0 Helpful

Go to solution
Suptech
Level 1
Level 1
In response to Suptech

‎11-16-2025 04:12 PM

I finally fixed it. The issue was on the device-tracking IP policy in the switch which was not enabled so ISE was not aware of the IP of the endpoint and couldn't apply any ANC policy. Configured the device-tracking policy and right after started seeing the IP when running the "show auth sess int X det" command. FMC correlation policy working back.

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card