05-06-2015 08:07 AM - edited 03-10-2019 10:42 PM
hi all,
when migrating switch from 15.0.1 to the new one I can't get 802.1x working cause on the session there is "blocked on: AAA not ready"
previously it worked well - what changed in 15.2.3? I'm not using IBNS 2.0 so the config is the same (typical)
C3750X-POC-2(config)#do show authentication sessions int g1/0/39 details Interface: GigabitEthernet1/0/39 MAC Address: 28d2.4424.a182 IPv6 Address: Unknown IPv4 Address: Unknown Status: Unauthorized Domain: UNKNOWN Oper host mode: multi-domain Oper control dir: both Session timeout: N/A Common Session ID: 0A0D9A050000000C0001C443 Acct Session ID: Unknown Handle: 0x5F000001 Current Policy: POLICY_Gi1/0/39 Blocked On: AAA Not Ready
regards
05-06-2015 10:12 AM
Hello Przemyslaw Konitz,
I'm no ISE expert by no means, but we have implemented ISE and initially we were using
c3750e-universalk9npe-mz.152-1.E. There were many things not working correctly and Cisco came on site and one of the first things they recommended was to downgrade all of our switches to
c3750e-universalk9npe-mz.122-55.SE8.bin, which resolved some of our issues. However you do lose some features with the downgrade, but that was Cisco's recommendation.
We are currently at ISE 1.2 not 1.3.
I have seen other postings as well, not related to ISE, recommending to go to 12.2(55)SE8.
05-06-2015 10:20 AM
thx for reply
we'll try this soft tomorrow and I'll let u know
regards
05-16-2015 01:57 PM
I have the same problem.
I observe also that Method status list was empty.
So I put interface in default and reaply configuration (the same). After that all works ok!
Best regard!
05-21-2015 12:40 AM
after reload - it stopped working, after reentering the config it worked so i believe there is a bug.
now we're thinking about going back to 12.2.58 or 15.0.2
regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: