Cisco ISE – not every alarm is a problem


Today I had to troubleshoot two separate alarms on Cisco ISE:

  • High Load Average (ranging from 10 to 60) on MnT node
  • CoA Failed (about 30 alarms a day)


The first case was super easy, because this can (but doesn’t have to) be a false alarm. In my case the CPU is >90%, but this is a monitoring-only node, so service is not impacted. This is a dedicated MnT node, so nothing else can be done. In some other ISE versions there are patches that can fix the high CPU problem, but not for 1.4.

The second case was slightly more complex: after a failed dot1x / MAB authentication attempt, ISE sent a disconnect CoA request (port bounce) and the switch didn’t reply to it. After the wait timer expired, ISE signalled a CoA error. This is a purely cosmetic issue and doesn’t have any impact on user experience. I’ve asked Cisco TAC about this and I’m waiting for an answer. That said, I don’t think I’ll get one. Cisco TAC has been getting worse and worse recently, so my expectations are really low.
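To make the timeout path concrete, here is an added example that is not from the post and not Cisco or ISE code. It models the exchange as a plain RFC 5176 Disconnect-Request (not Cisco’s vendor-specific port-bounce CoA, which is an assumption of the example), with a simulated switch on the other side that can ACK, NAK, or stay silent. The shared secret, the session attributes and the retry count are constructed values; the packet layout and the MD5 Request/Response Authenticator rules follow RFC 5176.

```python
"""RFC 5176 Disconnect-Request exchange with a simulated switch (added example)."""
import hashlib
import hmac
import socket
import struct

# RFC 5176 packet codes
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
# RFC 2865 / RFC 5176 attribute types used here
ATTR_USER_NAME, ATTR_NAS_IP_ADDRESS, ATTR_CALLING_STATION_ID, ATTR_ACCT_SESSION_ID = 1, 4, 31, 44
ATTR_ERROR_CAUSE, SESSION_CONTEXT_NOT_FOUND = 101, 503
HEADER = struct.Struct("!BBH16s")  # code, identifier, length, authenticator

# Constructed sample values (not real credentials or sessions)
SECRET = b"constructed-shared-secret"
SESSION_ATTRS = [
    (ATTR_USER_NAME, "host/pc01.example.test"),
    (ATTR_NAS_IP_ADDRESS, socket.inet_aton("10.0.0.1")),
    (ATTR_CALLING_STATION_ID, "00-11-22-33-44-55"),
    (ATTR_ACCT_SESSION_ID, "0000001A"),
]


def encode_attrs(attrs):
    """Pack (type, value) pairs as RADIUS TLVs: type, length incl. header, value."""
    out = b""
    for t, v in attrs:
        if isinstance(v, str):
            v = v.encode()
        elif isinstance(v, int):
            v = struct.pack("!I", v)
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += bytes([t, len(v) + 2]) + v
    return out


def decode_attrs(body):
    attrs, i = [], 0
    while i < len(body):
        t, length = body[i], body[i + 1]
        attrs.append((t, body[i + 2:i + length]))
        i += length
    return attrs


def _digest(code, ident, length, auth_field, body, secret):
    return hashlib.md5(HEADER.pack(code, ident, length, auth_field) + body + secret).digest()


def build_request(ident, attrs, secret, code=DISCONNECT_REQUEST):
    """Request Authenticator = MD5(header with 16 zero octets + attrs + secret)."""
    body = encode_attrs(attrs)
    length = HEADER.size + len(body)
    return HEADER.pack(code, ident, length, _digest(code, ident, length, b"\x00" * 16, body, secret)) + body


def build_response(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(header with the request's authenticator + attrs + secret)."""
    body = encode_attrs(attrs)
    length = HEADER.size + len(body)
    return HEADER.pack(code, ident, length, _digest(code, ident, length, request_auth, body, secret)) + body


def parse(pkt):
    code, ident, length, auth = HEADER.unpack_from(pkt)
    if length < HEADER.size or length > len(pkt):
        raise ValueError("bad RADIUS length")
    return code, ident, auth, decode_attrs(pkt[HEADER.size:length])


def request_is_authentic(pkt, secret):
    code, ident, length, auth = HEADER.unpack_from(pkt)
    return hmac.compare_digest(auth, _digest(code, ident, length, b"\x00" * 16, pkt[HEADER.size:length], secret))


def response_is_authentic(pkt, request_auth, secret):
    code, ident, length, auth = HEADER.unpack_from(pkt)
    return hmac.compare_digest(auth, _digest(code, ident, length, request_auth, pkt[HEADER.size:length], secret))


def make_switch(secret, sessions, silent=False):
    """Simulated switch CoA listener. silent=True models the post's case: nothing is ever answered."""
    def handle(pkt):
        if silent or not request_is_authentic(pkt, secret):
            return None  # RFC 5176: a request with a bad authenticator is silently discarded
        _, ident, auth, attrs = parse(pkt)
        sid = next((v.decode() for t, v in attrs if t == ATTR_ACCT_SESSION_ID), None)
        if sid in sessions:
            sessions.discard(sid)
            return build_response(DISCONNECT_ACK, ident, auth, [], secret)
        return build_response(DISCONNECT_NAK, ident, auth, [(ATTR_ERROR_CAUSE, SESSION_CONTEXT_NOT_FOUND)], secret)
    return handle


def send_disconnect(switch, attrs, secret, ident=1, retries=3):
    """Send a Disconnect-Request, resending on silence. Returns (outcome, attempts);
    'timeout' is the state ISE reports as the CoA Failed alarm."""
    pkt = build_request(ident, attrs, secret)
    request_auth = HEADER.unpack_from(pkt)[3]
    for attempt in range(1, retries + 1):
        reply = switch(pkt)
        if reply is None:
            continue
        if not response_is_authentic(reply, request_auth, secret):
            return "bad-response", attempt
        code, rid, _, _ = parse(reply)
        if rid != ident:
            continue
        return ("ack" if code == DISCONNECT_ACK else "nak"), attempt
    return "timeout", retries


if __name__ == "__main__":
    print(send_disconnect(make_switch(SECRET, {"0000001A"}), SESSION_ATTRS, SECRET))
    print(send_disconnect(make_switch(SECRET, {"0000001A"}, silent=True), SESSION_ATTRS, SECRET))
```

One check worth keeping in mind when reading a CoA Failed alarm: a switch that rejects the request because the shared secret does not match is required by RFC 5176 to discard it silently, which from the sender’s side looks exactly like a dropped packet. In the simulation, `make_switch(b"other-secret", ...)` produces the same `timeout` result as the silent switch, so a run of these alarms is only cosmetic once a secret mismatch has been ruled out.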


