Symptom
ISE MnT Live Sessions, and subsequently pxGrid subscribers such as FMC, SMC, etc., do not have accurate user/IP mappings. The Live Sessions record for the user shows a different IP address, normally the one belonging to the previous session, user, or machine.
Conditions
Seen in scenarios where DVLANs are pushed via ISE Authz profiles and the user changes VLAN after authentication. This causes the NAS to send multiple accounting packets for the same endpoint within 5 seconds. Seen when the ISE client suppression feature is enabled (it is enabled by default).
Workaround
Set periodic updates instead of interim updates on new-info on the switch.
Or
Disable Suppression.
Further Problem Description
Currently, ISE allows 2 accounting updates within a given suppression time before dropping subsequent requests for the same period of time. After that, accounting packets are silently dropped on ISE. In scenarios where NADs send multiple accounting interim updates to report the latest IP address assigned to the user, the count may exceed the threshold of 2 and the latest update messages may not be processed.
If the above-mentioned workarounds are not acceptable, please contact TAC for an alternative fix.
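The suppression behaviour described above can be replayed over a NAS accounting export to find endpoints whose session record would be left with a stale IP. This is an added example, not Cisco code: it is a simplified sliding-window model, and the 5-second window, the record layout, and the sample MAC and IP values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ALLOWED_UPDATES = 2         # from the description: 2 updates accepted per suppression time
SUPPRESSION_WINDOW_S = 5.0  # assumption: the 5-second interval named under Conditions

# Constructed sample: (seconds, endpoint MAC, Framed-IP-Address reported by the NAS)
SAMPLE = [
    (0.0, "AA:BB:CC:00:00:01", "10.10.10.25"),   # session starts in the initial VLAN
    (1.2, "AA:BB:CC:00:00:01", "10.10.10.25"),
    (2.9, "AA:BB:CC:00:00:01", "10.20.20.31"),   # new address after the DVLAN change
    (3.5, "AA:BB:CC:00:00:01", "10.20.20.31"),
    (0.0, "AA:BB:CC:00:00:02", "10.10.10.40"),
    (30.0, "AA:BB:CC:00:00:02", "10.20.20.44"),  # well outside the window
]

def replay(records, allowed=ALLOWED_UPDATES, window=SUPPRESSION_WINDOW_S):
    """Replay accounting updates through the simplified suppression model."""
    accepted = defaultdict(deque)   # MAC -> timestamps of recently accepted updates
    state = {}
    for ts, mac, ip in sorted(records):
        entry = state.setdefault(mac, {"session_ip": None, "nas_ip": None, "dropped": 0})
        entry["nas_ip"] = ip                      # what the NAS last reported
        recent = accepted[mac]
        while recent and ts - recent[0] >= window:
            recent.popleft()                      # forget updates older than the window
        if len(recent) >= allowed:
            entry["dropped"] += 1                 # silently dropped, session record unchanged
        else:
            recent.append(ts)
            entry["session_ip"] = ip              # accepted, session record updated
    return state

def stale_endpoints(records, **kw):
    """Endpoints whose modelled session IP differs from the NAS's latest address."""
    return sorted(m for m, e in replay(records, **kw).items() if e["session_ip"] != e["nas_ip"])

if __name__ == "__main__":
    for mac, entry in replay(SAMPLE).items():
        print(mac, entry)
    print("stale:", stale_endpoints(SAMPLE))
```

Raising `allowed` above the burst size approximates the "Disable Suppression" workaround in this model, and the stale list becomes empty.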