Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
855
Views
0
Helpful
3
Replies

Wireless802.1x authentication via ISE

extern.dongdong.lin
Level 1
Level 1

‎12-12-2016 04:00 AM - edited ‎02-21-2020 05:58 AM

Hi,

I met an issue on ISE for wireless802.1x authentication, I have 2 ISE 3945 for cluster(The configuration on 2 ISEs are the same), and set this 2 ISE on WLC.

It works fine before Dec, from 1st Dec, I changed authentication server and accounting server on WLC for testing, if I choose the primary one, it does not work, but the secondary one, it works fine. it strange, because these 2 ISEs are a cluster.

My version is 1.4.0.253 patch 10.

you may find that the picture master2 shows user not found in active directory, but i defintely confirm user is in AD, and i did AAA testing on ISE, user is in AD.

Do you know what's the issue?

Thanks,

Regards,

Lin

Preview file
94 KB
Preview file
118 KB
0 Helpful
3 Replies 3

nspasov
Cisco Employee
Cisco Employee

‎12-13-2016 12:07 PM

Hi Lin, I have a couple of questions for you:

1. Can you confirm that both ISE nodes are Joined and Connected to AD? You can confirm this from the Administration > External Identities > AD page

2. If both nodes are showing Joined and Connected, can you check and see if each node is connected to the same or different Domain Controller

3. Can you confirm the ISE deployment is healthy? You can check that from the Administration > Deployment page. There you should see that replication is good and the two nodes are fully in-sync.

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful

extern.dongdong.lin
Level 1
Level 1
In response to nspasov

‎12-13-2016 05:19 PM

Hi Neno,

Thanks for your reply.

1. Both ISE nodes are joined and connected to AD. I test successfully with feature "Test User" on page Administrator- Identity Management- External Identity Sources- AD

2. Both Nodes are joined and connected in different AD, but two ADs are available.

3. ISE deployment is health and fully in-sync.

I upgraded patch 10 after ISE reload, the other ISE failed in authentication. now, both 2 ISEs are failed.

Cisco TAC collect some information but no any update now.

Regards,

Lin

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to extern.dongdong.lin

‎12-17-2016 01:01 PM

Wow, sorry to hear about your troubles. Please keep us posted on what TAC says. 

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card