Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, Our customer has a local ISE for TACACS Authentication and want to proxy TACACS traffic to a central ISE deployment. Basically, this works fine at the moment for Cisco switches. Switch –> Local ISE TACACS proxy -> Central ISE TACACS (via NAT) In ...
Hi, Our customer has a local ISE for TACACS Authentication and want to proxy TACACS traffic to a central ISE deployment. Basically, this works fine at the moment for Cisco switches. Switch –> Local ISE TACACS proxy -> Central ISE TACACS (via NAT) In ...
Hi All, We have a Cisco ISE cluster with 4 nodes and using CoA for Wireless. Thats working fine. The goal is to use CoA for switchports too and configured both ISE and the switch for CoA (default port). After initiating a CoA from ISE to a specific c...
Hi, Good question. The local ISE is customer's, the central ISE is from the netwerk management party. Both are connected with a different AD for user authentication. Both patries do not want to connect their own ISE with the other parties AD.
Problem has been solved! In the TCP dump of the PAN we found intercluster CoA traffic (from PAN to PSN) on UDP 3799. This traffic was not arrived at the PSN because all intercluster traffic is firewalled. After opening UDP 3799 between all cluster no...
There is one FW and one ACL on the path between ISE and the switch. But both have no blocks and permit UDP 1700.The log on both shows also no UDP 1700 traffic. Yes, we receive an error in the ISE log
Mike, thanks for your suggestions.All of the suggested configurations are present. The debugs do not give any results becuase the packet is not send by ISE. The TCP dump on the ISE network interface shows zero CoA packets, so it should be an ISE issu...
