Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
841
Views
0
Helpful
0
Comments

Check the IP to SGT mapping

teegeorg
Cisco Employee
Cisco Employee

‎06-09-2019 09:46 PM - edited ‎06-10-2019 12:26 AM

To check for issues with the IP to SGT mapping, first check if the environment data is downloaded to the Edge switch.

show aaa servers

Run the following command to ensure that the Radius servers are in the UP state.

show cts pacs

Run the following command to confirm that the PAC-type should be "Cisco Trustsec".

show cts environment-data

Under the security Group Name Table,  and confirm that all the SGTs created in ISE is downloaded.

Possible causes and solutions

  • The issue could be caused because ISE is not reachable from the Edge node. Ping ISE from Edge, to make sure that the connection has not been lost.
  • Another cause is that ISE details may not be added at a global level in the Cisco DNA Center Design page.

Recommended Actions

Assurance should execute the commands listed above, and look for the relevant fields. If the output is not as expected, then a flag should be raised for Edge.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents