Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About JSalmond
JSalmond
Here to help
Member since Jan 28, 2021
4 weeks ago
Community Record
9
Posts
1
Kudos
0
Solutions
Badges
Hi @henleyjj our ISE was running 2.7.0.356 with patches 2,4,5 and it now running patch 7 however the issue for us turned out to be caused by the bonjour service, once this was disabled we no longer experienced issues. Unsure if the symptoms you are experiencing are the same as ours, I also have a post on the Cisco ISE community regarding our issue with a break down of the symptoms we had. https://community.cisco.com/t5/network-access-control/ios-device-re-auth-after-wakeup-on-meraki-ise/m-p/4585342#M573872 Hope you get your issue resolved
... View more
Dec 17 2021
1:08 AM
@PhilipDAth @AlexP thank you both for helping and highlighting the documents relating to the issue we were experiencing and VPN best practices, much appreciated.
... View more
Dec 17 2021
1:04 AM
Thank you @KarstenI managed to to get the VPN re-established.
... View more
Dec 16 2021
6:24 AM
Hi, after upgrading our Cisco Firepower Management Center and Cisco Firepower Threat Defence appliances to 7.0.1 we are having issues re-establishing out site-To-Site VPN and hoping someone can provide an insight in to the correct IPsec setting to use on both sides. Prior to the upgrade our MX used the IKEv1 default settings however 3DES and Diffie-Hellman groups 2 are unsupported on the FTD's. Tried setting up IKEv2 with different combinations of setting but having trouble establishing a tunnel. MX running version 15.44
... View more
Labels:
- Labels:
-
3rd Party VPN
Oct 19 2021
2:09 PM
@rhbirkelund did you get this issue resolved. I am also having issues with some iPads experiencing the the same issue. when the iPad is woken it still shows the Wi-Fi connection icon, still has it IP address in network details but displays No Internet Connection. Like you we are unable to ping to or from the device. Not sure if this is the same as you ? but from our troubleshooting so far we have observed the following Within the dashboard the ipad shows as disconnected, also within client timeline we see "802.11 REASON (CODE 34) Missing Acknowledgements" error ? Problem is present on our MR33 and MR42 but not on MR36's occurs on SSID's using 802.1x with Cisco ISE 2.7 patch 4 as the Radius server, doesn't occur on SSID using PSK. We are also using CoA to apply Group Policies, however still to test 802.1x without COA to narrow this down. Occurs on multiple iPadOS versions including 14.7.X, 14.8, 15.0.2
... View more
@ZeeBoussaid did you get this resolved ? We are also experiencing issues with our MR33 and MR42 but not our MR36 that sound similar to yours. A number of our iPads can connect to the network but at random times normally after being unlocked from sleep they will display as connected but show as having no internet access. Although our devices show as having an IP address we are getting the same "5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session." in the ISE We also have noticed that we get a "unexpectedly disassociated, but the client had a successful connection to <SSID> SSID 802.11 REASON (CODE 34) Missing Acknowledgements" within Clint Timeline, not sure if you get this ? We have had a call in with support for few weeks now but haven't got to the bottom of he issue .
... View more
Sep 6 2021
2:29 PM
Hi There, We have recently reconfigured one of our SSID's so that users are assigned a group policy that assigns ACL's and VLAN depending on if the user is a Staff member or a Pupil. The RADIUS functions are provided by Cisco ISE. Since making these changes users are now experiencing an issue whereby their device shows as connected, it has an IP address in the correct VLAN but it has no connectivity. We are unable to ping to and from the device and within the dashboard it shows as disconnected. In timeline we see "802.11 REASON (CODE 34) Missing Acknowledgements" which has the definition of association denied due to excessive frame loss rates and/or poor conditions on current operating channel, however our channels show as low utilization. We are currently only seeing this behaviour on the 5 GHz band and with iPads however they do make up the majority of our devices. Has anyone else seen or experienced this issue or can suggest troubleshooting?
... View more
Labels:
- Labels:
-
RF Spectrum
-
SSID
Feb 1 2021
6:57 AM
Thank you for clarifying @PhilipDAth much appreciated
... View more
Jan 28 2021
5:30 AM
The school I work for looking at Systems Manager to manage our staff and pupil devices and have 2 use cases Staff Devices: our staff devices are fully managed and devices enrolled in to our current MDM throw Apple DEP and this would remain if we move to Systems Manager. we require the ability to erase device, lock and clear password, install apps and profiles. Pupil Devices: we then have pupil devices that are owned by the the pupil and currently not managed by MDM but enrolled on to the network through Cisco ISE. We would like to have the ability to push out WiFi profiles and install apps but we would not have the right to erase the device or clear password. I know these functionalities are available and set up under the Configuration > General tab however due to the two scenarios of access rights what are the best practices around this ?, has anyone else got the same use case ?, am I best to have the staff and pupil devices in separate dashboard networks ? Regards
... View more
Labels:
- Labels:
-
Other
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 5002 |
© 2024 Cisco Systems, Inc.
