Wednesday, September 12, 2018

Any way to generate bulk 802.1x traffic to tshoot problems?

I've got a couple of customer sites with 8K to 10K devices hitting against ISE 2.4 and the devices just aren't consistently authenticating through these new Juniper EX4300s.

I'm not convinced ISE is my problem.

I'm pretty sure it's a firewall filter problem because when we remove the firewall filter, everything works perfectly (well, OK, the problems then become ISE, not my switches) but it's not re-creatable in my lab with just a couple of clients sending/receiving authentication. It usually seems to take a couple of switches' worth (96 to 144).

The customer won't let my on-site engineer dig through the ISE logs himself and if he did, I've got just enough additional experience that I'd probably catch things he wouldn't.

I'm spitballing here. I can't logically think of a way to generate a bunch of 802.1x traffic because it all has to identify as coming from the same switches and go through the firewall filters (short of finding 96 laptops and rebooting the switch so they all try to authenticate at once and that ain't happening.)

Anyone else run into issues like this? JTAC and TAC aren't much help.

Thanks.


