OPERATIONAL DEFECT DATABASE
...
...
ISE MnT Live sessions (and subsequently) Pxgrid Susbscribers like FMC, SMC etc would not have accurate User/IP mappings. The live-sessions record for the user would have a different IP address, normally the one belonging to previous session/user/machine.
Seen in scenarios where DVLANs are pushed via ISE Authz profiles and user changes VLAN after authentication. This creates a scenario where multiple accounting packets are sent for the same endpoint from the NAS withing 5 seconds. Seen when ISE Client suppression feature is enabled. (Enabled by default)
Set periodic updates instead of interim updates on new-info on the switch. Or Disable Suppression.
Currently, ISE allows 2 accounting updates within a given suppression time before dropping the subsequent requests for the same period of time. After that, the accounting packets are dropped silently on the ISE. This In scenarios where NADs are sending multiple Accounting interim updates to update the latest IP address assigned to the user, the threshold may exceed 2 and the latest update messages may not be processed. If the above mentioned workarounds are not acceptable, please reach TAC for alternative fix.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
