Archiv für den Monat: Oktober 2014

Cisco ISE VM performance problems

It shows that updating Cisco ISE VM from 1.1 up to 1.2.1 can lead to huge performance impacts. The original 1.1 version ran without problems, through the update of the VM to 1.2 the whole system got realy slow. The web interface was nearly unusable. Reboot of the VM solved the problem only for short term. Problem indicators are:

  • Non matching performance statistics between VMWare and Cisco Ise
  • Wrong alert messages from Cisco ISE concerning IO write performance
  • High authentication latency
  • Authenticators reporting dead radius server

The problem was solved through a fresh installation of Cisco ISE VM with 1.2 image and then updating to 1.2.1. The restore of the configurational backups works realy fine and even includes voucher codes if the ISE guest portal is used.

Please note that a restore requires to rejoin ISE VM to the domain and to rehost the installed license from the defect to the restored mashine. Also after restoring the backup, the VM gets the original ip address through the backup. So it has to be ensured, that the old mashine is offline or the restored one has no network connectivity while the old one is running.

 

Kron Bug Cisco 3850 and IOS XE 03.03.03SE

The Kron feature under Cisco IOS and Cisco IOS XE has multiple known bugs. Recently it showed , that a Ciscio 3850 running IOS XE 03.03.03SE with a configured Kron job for auto backup lost parts of it’s running configuration.

After the Kron job was executed, parts of the Kron configuration itself and also parts of interface configurations were missing. Mainly the execution time configuration of the Kron job got lost but also special port configurations of uplink ports, which made the bug critical.

We now use EEM scripts as alternative solution to the Kron feature. See http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-embedded-event-manager-eem/index.html for more information.

Access Point (Cisco AP 2602) can’t join Controller, „error opening flash“, „event 10 & state 5“

The access point can’t join the controller and the debug output of the access point shows outputs like:

„%CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.“

„%Error opening flash:/ap3g2-rcvk9w8-mx/info (No such file or directory)cisco AIR-CAP2602I-E-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.“

This is based on a faulty AP image and can be resolved through a console session on the AP and following commands:

  • debug capwap console cli
  • en
  • conf t
  • test mesh mode local

This forces the AP to get a fresh image from the wireless controller and he’ll join the controller after getting the image.