07-18-2024 11:27 AM
Hi All,
i have the below setup where i am seeing Primary ISE server (ISE1) is not responding to My PC and it always getting response from secondory server(ISE2).I have checked the Access switch config all looks fine.So currently i have done the packet capture on the Access switch Uplink and core end as well simultaniously.can some one help me to know how can i filter/check EAP packet communication in wireshark.
07-18-2024 11:43 AM
for what you use ISE for SW admin or for client Access ?
MHM
07-18-2024 11:52 AM
client access (dot1x)
07-18-2024 11:56 AM
Good
so there is two Server config under one group in access SW
the access SW use random IP or specific IP ?
if you dont config specific IP then the FW can drop the traffic
you need to use
ip radius source-interface <vlan svi IP>
then in FW allow this IP to access both ISE
MHM
07-18-2024 12:12 PM
so there is two Server config under one group in access SW---> yes Primary server ISE1 & Secondary ISE2
ip radius source-interface <vlan svi IP> ---Switch Mgmt called here.
Note : Here the users are authenticating via Secanday ISE( ISE2 ) with out any issue not via ISE 1.so i am already captured PCAP file in all direction please he lp me to know the filer to check if the EAP packet is going towords Primay ISE server.
07-18-2024 12:18 PM
send to me pcap
and do show server aaa <<- share this
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide