Hello dear and thnx for reply the issue i had Ise server connected with Active directory , the required is to make user login from AD users through ise one of the switches which is 9200 is working fine while anther 9200 using the same config is not working gave us the error encapsulation fail in debug take in mind the switch using management interface which is located on vrf management while the working switch using ip on vlan interface
>.... which is 9200 is working fine while anther 9200 using the same config is not working
- Are they running the same software version ? In general check your ISE version , then lookup the 9200 according to these info's : https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html , when validating the 9200 in the table(s) look at required IOS-XE version in order to be compatible with ISE version being used, check if all of these conditions are satisfied.
'encapsulation failed' usually means that a layer 3 packet cannot be forwarded because some layer 2 information is missing. One thing you could try is to create a static ARP entry for the server on the router. Let's say the IP address of the server is 192.168.1.11, then you would create a static ARP entry as below (you obviously need to use the real MAC address of the server:
arp 192.168.1.11 0b0c.7813.0290 SNAP