ISE - IOS bug!

I am using a stange issue in my environment. I use ISE 1.2 fo as radius server for device management/authentication(Not NAC usage). I am having Cisco c6509E VSS as core device. The device was added to ISE and aaa auth was working fine. I changed IP address of switch during my DC migration. Since then AAA fail for thsi device. ISE report and TCPdump shows old IP. My wireshard capture(SPAN port) also showing old IP in packet header irrespective of radius source interface I use in switch. Debug (radius/aaa) output in switch showing the correct interface addres whcih I  use in 'ip radius source-interface'.
Unfortunatly I am unable to restart switch as it is core device in a critical place. It looks like a stange IOS issue. Did any one faced this kind of issues? Please advise how to resolve without restart. Don't know why the switch is always using its old IP to frame radius packet.

These have been virified. I tried difference source interfaces and even changed  MAC addresses of SVIs. I am sniffing interface of ISE appliance to capture radius packets. I wondering how C6509E switch can frame a IP packet with source address not belonging to it. MAC address belongs to the switch but source IP address not belonging to the switch(Its old IP address).

Similar Messages

  • How can I tell that it is a hardware issue or ios bug issue with Iphone 4S Battery life & flapping 3G?

    Hi There,
    My Battery dies real quick on 4S compared to 4 eventhough my wireless is off, location services are off, the only thing on is the cellular data. I even adjusted the brightness to 60%.
    Another issue is that My 3G connection keeps flapping, goes & comes in a wierd way where it falls back to Edge.
    Am I to consider this part of the issues i can see so many people facing & therefore consider as ios bug & wait for the update or should I take it over to a service center to check the phone for me which means waste of time to get it done.
    Kindly advise from your experience

    It's almost always a software issue. Actual hardware problems are rare but can get very serious, if you recall the antenna issue last year.
    Reception problems just depend on how strong the signals are at your location. But if you're dropping to Edge even in strong areas, it wouldn't hurt to have an apple store look at it.

  • Has anyone experienced the mute switch / auto-rotate switch iOS bug on their ipad?

    Has anyone experienced the mute switch / auto-rotate switch iOS bug on their ipad?
    I have experienced this on iPad 1 as well as iPad 2.
    Basically, when you set the side switch to toggle screen orientation (or mute), after a period of use I will have either my sound cease to function or the ipad screen will not orient correctly.  This depends on what i have chosen the side switch to toggle.  I am not sure what causes it.  The time it takes for the problem to appear is inconsistent. Some say it is caused by third party applications.
    One can find numerous threads on here if you search for "sound on my ipad stopped working" or "orientation not working".  It appears to be the same problem. Fudging with the toggle switch settings can fix it (but it takes a weird order to get it out of its non functioning loop). 
    Here is a thread that addresses the sound issue:  https://discussions.apple.com/message/15263298#15263298

    Its only for notifications.. it is not for sound from videos or music!

  • Service Instances VLAN limit or IOS bug ?

    Hi,
    I've a big problem with a service instance VLAN limit , I can't add more than N characters inside the command "encapsulation dot1q".
    This is the platform: 
    CISCO7606-S
    CARD: ES+
    IOS: c7600s72033-advipservices-mz.122-33.SRD8.bin
    And this is the example:
    interface GigabitEthernet3/3
    service instance 300 ethernet
    encapsulation dot1q 502,506,508,513,517-518,528,532,535,548,
    555-556,577,608,611-613,637,662,664,667,673,688,702,840,848,851,862,876,887,895,922,934
    After the VLAN 934 the router does't add more VLAN and if you try to add another one the command is accepted, no errors appear, but if you check again the show run of the interface..nothing changed!
    I tried to load the startup configuration from tftp  and reboot but no luck..the only workaround that i've found is to join the vlan effectively reducing the number of characters.
    I think that could be an IOS bug, but can't find any evidence of this theory...
    Have you ever faced this kind of problem? 
    Thanks and Regards
    Roberto

    Well I think it's just a bug, because I just copy all my rules (policy-map,class-maps,ACLs), change they names(add 1 at the end)(router change their ID's I suppose), and point this to my zone-pair security and it works fine!
    class-map type inspect match-all DMZ310_TO_INTERNET_PASS1
    match access-group name DMZ310_TO_INTERNET_PASS1
    class-map type inspect match-all DMZ310->INTERNET_INSP_COMB1
    match access-group name DMZ310_TO_INTERNET_INSPECT1
    match class-map DMZ310->INT_INSPECTION_PROTOCOLS1
    class-map type inspect match-any DMZ310->INT_INSPECTION_PROTOCOLS1
    description ---=============
    match protocol tcp
    match protocol icmp
    match protocol dns
    match protocol user-nashssh
    match protocol http
    match protocol udp
    policy-map type inspect DMZ310->INTERNET_POLICY1
    class type inspect DMZ310_TO_INTERNET_PASS1
      pass
    class type inspect DMZ310->INTERNET_INSP_COMB1
      inspect
    class class-default
      drop
    zone security INTERNET
    zone security DMZ310
    zone-pair security DMZ310->INTERNET source DMZ310 destination INTERNET
    service-policy type inspect DMZ310->INTERNET_POLICY1
    interface GigabitEthernet0/1.310
    encapsulation dot1Q 310
    ip address 1.1.1.2 255.255.255.128
    ip nat outside
    ip virtual-reassembly in
    zone-member security DMZ310
    standby 3 ip 1.1.1.1
    standby 3 priority 15
    standby 3 preempt
    ip policy route-map BGP-DEFAULT-ROUTE
    service-policy input POLICE_DMZ310_IN
    service-policy output POLICE_DMZ310_OUT
    interface GigabitEthernet0/1.301
    description -=ISP=-
    encapsulation dot1Q 301
    ip address 2.2.2.2 255.255.255.252
    ip flow ingress
    ip nat outside
    ip virtual-reassembly in
    zone-member security INTERNET
    ip access-list extended DMZ310_TO_INTERNET_INSPECT1
    permit icmp host 1.1.1.5 any
    permit ip host 1.1.1.5 any
    deny   ip any any

  • ISE IOS CLI Authentication Quandry

    Im trying to push the limits of ISE, since tacacs+ isnt supported yet. The goal is to authenticate switches and routers using radius against ISE. I think I am on the right track, since I can login against ISE. However, when I login to enable the ISE Authorizations log shows Radius status fail, with a failed attempt from user $enabl15$.
    I have my device added to ISE. An authorization profile has been created for each privilege level, I am using policy sets and have the correct authz and autht policies. Below are the examples of my ISE configuration and router configuration. Hopefully it helps fix my problem, or it may help the next troller with success of their own configuration.
    Auth Profile: When choosing priv-lvl=15 after hitting save, web auth is automatically selected.
    Policy Set:
    router configuration
    aaa group server radius Rad_AUTH1
     server name Rad_Auth
    aaa authentication login CONSOLE local
    aaa authentication login Rad_Auth group Rad_AUTH1 local none
    aaa authentication enable default group Rad_AUTH1 enable none
    aaa authorization exec default none 
    aaa authorization exec Rad_Auth group Rad_AUTH1 if-authenticated 
    aaa accounting exec default start-stop group radius
    radius server Rad_Auth
     address ipv4 x.x.x.x auth-port 1645 acct-port 1646
     timeout 3
     key 7 052F302B3B7E491B41
    line vty 0 4
     session-timeout 30 
     exec-timeout 30 0
     authorization exec Rad_Auth
     login authentication Rad_Auth
     transport input ssh

    Thanks for the reply Neno. I got it worked out and will be submitting a new document for future trollers. There were a couple things I had to change in both ISE and in IOS. 
    In IOS
    aaa authentication login default group radius local none
    aaa authentication login CONSOLE local
    aaa authentication enable default group radius enable none
    aaa authorization exec default group radius local 
    In ISE the AuthZ and AuthT policies worked, but didnt give the results I wanted. For example, since radius uses the $enabl$ as a username for the privilege level I had to put a deny at the end of each policy. Without it, enable would go to the next default rule, it also allowed a priv 5 to type in enable and get priv 15 access. 

  • Photoshop Touch SDK for iOS Bugs and annoyances

    I've just finished implementing the "Touch" capability in my iOS app. As I can't find anywhere to post bug reports, and this may help others, here's my experience:
    BUGS:
    1. sendImage in psconnection is multiply broken:
    (a) Network communication depends on the PSRawImage C structure. However, that does not take padding into account. This may work for build settings that don't allow structure padding, it certainly doesn't work for my settings.
    (b) Pixmap support is broken. The CGBitmapContext setting (RGB 888) it attempts to use is unsupported and will throw an exception on iOS
    (c) JPEG support is broken - the (required) format byte simply isn't added to the network packet.
    2. The documentation is wrong/incomplete
    (a) It doesn't mention the format byte - you have to find that in the demo programs that don't use psconnection.
    (b) It suggests that messages to the server are acknowledged. If they are, I'd like to know where/how.
    3. The test version of Photoshop  crashes with some (not all) JPEG images:
    Process:         Adobe Photoshop CS5.1 [976]
    Path:            /Applications/Adobe Photoshop CS5.1/Adobe Photoshop CS5.1.app/Contents/MacOS/Adobe Photoshop CS5.1
    Identifier:      com.adobe.Photoshop
    Version:         12.1 (12.1x20110328.r.145) (12.1)
    Code Type:       X86-64 (Native)
    Parent Process:  launchd [100]
    Date/Time:       2011-04-19 13:10:26.385 +0200
    OS Version:      Mac OS X 10.6.7 (10J869)
    Report Version:  6
    Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
    Crashed Thread:  0  Dispatch queue: com.apple.main-thread
    Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
    0   com.adobe.Photoshop           0x0000000100541190 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 2510156
    1   com.adobe.Photoshop           0x00000001004b4dfa AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 1935798
    2   com.adobe.Photoshop           0x00000001004b84d2 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 1949838
    3   com.adobe.Photoshop           0x00000001007ba4a7 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 5103715
    4   com.adobe.Photoshop           0x0000000100066573 0x100000000 + 419187
    5   com.adobe.Photoshop           0x0000000100066636 0x100000000 + 419382
    6   com.adobe.Photoshop           0x00000001012e0723 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 16794335
    7   com.apple.Foundation          0x00007fff80d057d5 __NSFireTimer + 114
    8   com.apple.CoreFoundation      0x00007fff86d90be8 __CFRunLoopRun + 6488
    9   com.apple.CoreFoundation      0x00007fff86d8edbf CFRunLoopRunSpecific + 575
    10  com.apple.HIToolbox           0x00007fff87bc97ee RunCurrentEventLoopInMode + 333
    11  com.apple.HIToolbox           0x00007fff87bc95f3 ReceiveNextEventCommon + 310
    12  com.apple.HIToolbox           0x00007fff87bc94ac BlockUntilNextEventMatchingListInMode + 59
    13  com.apple.AppKit              0x00007fff80f7be64 _DPSNextEvent + 718
    14  com.apple.AppKit              0x00007fff80f7b7a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
    15  com.apple.AppKit              0x00007fff80f4148b -[NSApplication run] + 395
    16  com.adobe.Photoshop           0x00000001012e0644 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 16794112
    17  com.adobe.Photoshop           0x00000001012e10a1 AWS_CUI_GetVersionComments(OpaqueWindowPtr*, adobe::q::QDocument&, adobe::q::QString&, adobe::q::QAttributeList&, adobe::q::QDocument*, adobe::q::QProject*, long) + 16796765
    18  com.adobe.Photoshop           0x0000000100068286 0x100000000 + 426630
    19  com.adobe.Photoshop           0x0000000100237199 0x100000000 + 2322841
    20  com.adobe.Photoshop           0x0000000100237229 0x100000000 + 2322985
    21  com.adobe.Photoshop           0x0000000100002294 0x100000000 + 8852
    A Google search on the crash signature above shows it has previously occurred as a result of corrupt fonts.  However (a) I'd done all the font checking etc as recommended, and (b) this only occurs for JPEGs, not pixmaps.
    Annoyances:
    1. psconnection is a huge memory hog; it creates multiple copies of images and network packets. Be prepared to rewrite if you're dealing with large images.
    2. psconnection is not thread safe. Be prepared to put in locks and inter-thread communication code.
    3. psconnection is iPad only. Be prepared to rewrite to be able to use it on an iPhone
    4. The serial number for the test version of Photoshop as provided on the Adobe site only works for a few hours, then decides that the serial number is invalid.
    Hints:
    The demo programs e.g., transmitimage, do seem to work, as opposed to psconnection. However, they use their own code that doesn't do much in the way of error checking, etc.
    Sandy

    Can we now assume that the touch SDK has been abandonned by Adobe? It's now a year after "should be updated soon", and currently if you try to download the touch SDK from this page you get the Photoshop 3 SDK instead!!!
    I ask as I'm about to remove Touch support from my app; the very few people that use touch are now having problems e.g., timeouts, with the latest version of Photoshop.
    Sandy

  • Cisco Identity Service Engine (ISE) (CSCup22534)--bug information

    I can see this bug information, can you please help?
    Cisco Identity Service Engine (ISE) (CSCup22534)

    Backup Data Type
    Cisco ISE allows you to back up data from the primary or standalone Administration node and from the Monitoring node. Backup can be done from the CLI or user interface.
    Cisco ISE allows you to back up the following type of data:
    Configuration data—Contains both application-specific and Cisco ADE operating system configuration data.
    Operational Data—Contains monitoring and troubleshooting data.
    Restore operation, can be performed with the backup files of previous versions of Cisco ISE and restored on a later version. For example, if you have a backup from an ISE node from Cisco ISE, Release 1.2, you can restore it on Cisco ISE, Release 1.3.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01100.html#reference_4F69987D3294499E95C1B652C4D1E73D

  • OSX and iOS bug breaks SSL

    This type of massive security lapse by Apple does make me question why I've been going to all the hassle and expense of running an OSX, SSL only, family email server for the last few years.
    http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-70 6-patch/index.html
    http://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/
    IOS update available but no OSX update yet.
    https://support.apple.com/kb/HT6147

    Here is a simple shell script that will automate this for you. Copy the conent into a file named wififixer.sh (as an example). The from a terminal window you can run it as:
    $ sh wififixer.sh
    The code:
    #!/bin/sh
    # This code is being released to Public Domain.
    # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
    # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    # ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
    # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    # SUCH DAMAGE.
    # The purpose of this program script is to find the default gateway
    # and continuously ping it every 15 seconds, in order to workaround
    # Apple's BUG in their Wifi (AES) framework/driver, where Wifi
    # connectivity is lost without continuous packet exchange.
    # This BUG has been persistent in iOS 6 onward. It was also introduced
    # with release of MacOS Mavericks 10.9.x.
    # Reference: https://discussions.apple.com/message/24119041#24119041
    # Find out IPv4 default gateway in route table.
    gw=`netstat -rnfinet | grep default | awk '{print $2}'`
    # If not found in route table, print message and exit.
    test -z "${gw}" && echo "No (default) Gateway found." && exit 1
    # ping the gateway every 15 seconds
    ping -i 15 ${gw}

  • When will Apple address iOS bugs

    At first I was having problems connecting go wifi but a network reset would suffice. Now my iPhone 4S cannot even scan for networks let alone connect.  In addition, I have to be charging three times with the Battery drain.  I have tried numerous so called fixes and have gotten nowhere. Will apple ever address these bugs in their New (very disappointing) new iOS or should I upgrade to an android?

    Neither I, nor anyone else I know has had problems with iOS 6 on our iDevices.  There are no bugs as far as I'm concerned.
    As far as switching to an Android, you need to do what you feel is best for you.  We're users here, not Apple.  We've no vested interest in your staying with Apple.

  • Shouldn't iOS 7 release on the iPod touch 4th gen and iPhone 3GS because of an iOS bug involving faulty/generic chargers?

    Someone should tell Apple about this because the bug is still in iOS 6 but reportedly is fixed in iOS 7 beta 4 or 5

    Why don't you?
    Send the information to http://www.apple.com/feedback/iphone.html
    Allan

  • Very Weird IOS Bug - iPad and iPhone

    This is a really weird scenario - which I hope someone may shed some light on.
    I'm building a new website, and there are parts of the website that don't function at all on either my iPhone 5, or iPad 2  - (both on IOS 8.3) , yet when I try the very same thing on other peoples iPads or iPhones (various types - some identical configuration to mine), it always works perfectly (I haven't found anyone else's iPad or iPhone yet where it doesn't work).
    I've tried everything, upgrading from IOS 8.1 to 8.3, shutting down, removing all cookies and history (repeatably), turning off javascript then back on etc  - yet for some reason nothing changes and I cannot get the functionality to work on my iphone or ipad.
    There are a number of bit of functionality that fail, but an easy one to test is:
    1/. Go Here: http://test.chillisauce.co.uk/hen/london/cocktail-making_15598/
    2/. Click the save button
    3/. When the modal opens click the top button labelled "Yes - Make A Stag Do"
    On my iPhone  / iPad the button does nothing. If the code is working on your iPad / iPhone , then you will be taken to another page - if not, like me, the button does nothing.
    Even if you don't know what the issue is, I'd be greatful if you could tell me if the function works for you or not.

    Hi Big Zee,
    It works fine on my iPad mini and my iPhone. Maybe you have some old Javascript stuck in your cache.

  • IPhoto iOS bug

    There is a serous bug with the app. When I go to edit a photo, there is no undo, just a "x". When I hit this, it removes the photo from the screen, and is no longer in the iPhoto album named "camera roll". It is however still on the devices (iPhone 4) camera roll. After that, it shows up on the "edited" album  cover in iPhoto, but when you select that album, it is empty!  Anyone else have this issue?

    Ok. I figured it out. Tap on the bar above the thumbnails and select "Hidden." Then you can tap the X and it will unhide the photo and return it to the album. If then you want to undo the edit, select the photo (with the lock on it) and then open the cogwheel and Revert. The original photo will be back in the album in its original state. The confusing part was the lack of the curved undo arrow in the iPhone version.

  • IOS Bug (?~5.1.1)

    1.copy some Chinese from the Internet .
    2.turn off "Simple Passcode" in Settings.
    3.tap "paste" to set new Passcode.
    then,you will never be able to unlock your iPad/iPhone again.....
    (you can't input Chinese in the lock screen)

    No! That's the question.....
    I am from China,and the system language of my iPad IS Chinese,But in the lock screen,there's ONLY a English keyboard,and I can't change it.....
    If you really done this,The only way to unlock it is use the "Find my iPhone" app,to lock your iPad AGAIN ,with a new passcode......
    I hope this bug will be fixed in iOS6....

  • IOS bug?

    Since this morning when I updated my iOS the music player seems to act strange. It tells me that is playing but I listen no sound at all.
    Or it plays one song and stops, or even stranger: it plays one song and show me another one...!
    I loved all the improves but now I just want to listen to my music!
    Someone having the same problem?
    Tks.

    Given the sporadic nature of the failure and the fact that the 3S is the oldest in the supported timeline for iOS 6, it may just be that the OS is too big a piece to chew and the hardware is falling short under certain conditions. Can suggest making sure the storage on the phone is not too full so there's working room should the OS need it.

  • One more iOS bug found

    When using advanced editor, the cancel button tries to post and gives a message that you cannot post a blank form. It does not cancel.
    This is the one that made my wife finally sigh and say "what is wrong with them?  they don't normally mess up this bad" after hearing me complain about lack of iOS support. She also just said i dont sound this mad at M$. Then she observed why, we expect so much more from apple. How they could over look millions of ipad users.
    Jason

    I agree that the example does not (and should not) compile.

Maybe you are looking for

  • Error while posting with Tax code

    Dear All, I am getting the following error while i am trying to post with a tax code. Can someone tell me what could be the issue? Customization for RIL j_1iindcus missing in table Message no. 8I303 Diagnosis The customization details have not been m

  • How can I copy songs in my iTunes library on my Macbook Pro to a new MacBook?

    I bought a Macbook Pro 13-inch a few weeks ago. Version: Mac OS X 10.7.1 Processor: 2.7 GHz Intel core i7 Memory: 4 GB 1333 MHz DDR3 I go to school now, but anyways, the school gave me a MacBook to study, play, and listen to music with, but I do not

  • One more new System in CC 5.1

    Hi, We have been using CC5.1 for quite some time now. We have installed another RTA 5.1 in new system which is 4.6C.They are in the same SLD. Currently, CC5.1 is being used on ABAP+JAVA stack (called as SERVER1). Now we want to include new system whi

  • Problem with Tabbing Order in LiveCycle

    I have a two page form.  The last field on the second page is an image field (the user can attach a graphic).  The problem is it won't tab back to the first page after this field.

  • WRT54G Not working

    I have a WRT54G router that was working fine until a couple of days ago when it quit on me. The power light is not on, but the other LED's are on. I cannot connect to the router, so what should I do to fix this?