Published On Mar 13, 2023
Cisco ISE TME Pavan Gupta provides an excellent introduction to some of the basic tools and techniques for troubleshooting some of the most frequent ISE and access control issues.
Topics:
00:00 Introduction
01:01 Agenda
01:33 Troubleshooting Methodology
02:13 ISE Node Services : Distributed System Information Flow
05:11 Focus on Policy Evaluation Touch Points
06:30 RADIUS Access Request & Policy Evaluation Flow
10:21 Network Device Evaluation : Unknown / Misconfigured NAD
5405 Request Dropped
11007 Could not locate Network Device or AAA Client
11036 The Message-Authenticator RADIUS attribute is invalid
12:54 ISE Message Catalog
13:16 5441 : Endpoint started new session ...
14:31 Demo: Unknown or Misconfigured Network Device
15:07 - RADIUS Client Simulator : EAPTest (macOS Only) : https://www.ermitacode.com/eaptest.html
18:34 - Dashboard : RADIUS Drops & Failure Reasons
19:32 - Dashboard : Misconfigured Network Devices & Failure Reasons
20:03 - RADIUS Protocol Settings : Suppression
23:15 Demo: Misconfigured Network Device (bad RADIUS shared secret)
11036 Message-Authenticator RADIUS Attribute is invalid
25:29 AAA Policy Evaluation / Conditions
27:34 MAC Authentication Bypass (MAB)
29:51 802.1X
33:02 Demo: Policy Evaluation: Allowed Protocols
33:47 - 5400 Authentication Failed + 15024 PAP is not allowed
36:44 Demo: Common Active Directory Issues
37:56 - 24708 User not found in AD : Identity Store not available
42:55 - 22056 Subject (user) Not Found
45:48 - 24408 User authentication failed... wrong password
46:49 - 15039 Reject User per Authorization Profile
48:17 Poll: ISE Troubleshooting Tools
49:13 Demo: NAD Authorization Failed (missing ACL)
52:33 Highlight Authentication Latency (Azure Active Directory)
55:20 Log Analytics (ISE 3.2 and later)
56:40 Visibility & Reporting
56:38 - Context Visibility : Authentications
57:04 - Authentication Summary Report
58:00 - Misconfigured Network Devices
58:17 - Misconfigured Supplicants
58:56 Demo: Alarms
59:54 Poll: ISE Tools
1:00:16 Demo: ISE Diagnostic Tools
1:01:11 Poll: Additional Troubleshooting Utilities
1:02:04 Resources
1:02:16 Questions
