Cisco SDA & ISE & AnyConnect & Endpoint Troubleshooting
Jaison Mathew
Customer Delivery Architect at Cisco, Author of 'The Wealthy Kids' Guide'
After updating it for a long time, I decided to publish it for now, I may update this later, but this is the first version getting published.
This mindmap covers more on the Wired side, and troubleshooting using the Cisco switch CLI show the output of?'show authentication session interface detail'?command output. Still, most of the significant points also apply to wireless. This article covers the deployments with?Cisco SDA & ISE & AnyConnect & Wired Infrastructure. We can encounter more scenarios in wireless deployment, and I may develop an updated version later. I will cover the same in detail on my YouTube channel shortly.
I'm not claiming this is 100% accurate for each scenario; please consider this a starting point. We tried our best to capture most of the issues we faced during multiple deployments and put them in an easy-to-follow model. However, as I mentioned, this could be better; feel free to point out any mistakes in the document so that we all can keep improving.
Thank you for all your support during the development of this Mind-Map Mandar Godbole , Rafiya Sheikh , Raghav Chandak , Rohan Bahalkar
REGIONAL ENGINEER at ZENITH BANK PLC NIGERIA
1 年Please share more tips and tricks on Cisco's secure clients and identity services engine. Thank you so much for sharing.
Senior Consultant @ Cisco Systems | Expert in Cisco VXLAN EVPN, NDFC, DNA SDA, Cat9k, WLC, ISE, ACI | Continuous Learner | CCNA, CCNP, DevNet Certified
2 年Hey Jaison Mathew amazing article! Very insightful...! I would add one more check at ip addressing part of workflow. If the device is successfully authenticated and authorized with correct VLAN and SGT, if the device ( FE) is not trusted in ISE, Endpoint won't get IP. A CTS based workflow can be added.. to check if the FE is trusted in ISE ( either permit all or trustsec device to trustsec device SGT permit is present) so that SGACls are in place...
Lead Architect Secure Networking | Cisco Validated. 3xCCIE, MS Computer Networks, MBA in Telecom Management, SM IEEE. MIET
2 年Great Article, Thanks Jaison Mathew for sharing this. It is better if you can number each mind map flow so people can refer to them asking questions. May I ask In Silent Host DNAC scenario - what exactly you are doing with CLI template Push?