...
BugZero updated this defect 37 days ago.
Symptoms include, but are no limited to the following: -Authentication step latency on multiple policy evaluation steps. -High average request latency during times of peak load. -Authentication request latency does not recover until after the system is reloaded. -Profiler Queue Full Alarms
-Running ISE 2.7 patch 2 or later. -MAB authentication with unknown endpoints. -High amounts of Accounting data. -High amounts of profiling.
The only workaround without patching or upgrading the system is to reduce the traffic volume being sent to individual nodes or spread the traffic across additional ISE nodes. A reboot of the system may temporarily alleviate the issue but it may come back within minutes after reloading.
A hotpatch is available for this issue through TAC. Tuning changes have been made to Java to reduce the frequency of Java garbage collection. Garbage collection was found to be consuming the CPU for a higher percentage of the time than intended. This in turn was leading to less time for the core functions of ISE to be running on the CPU leading to performance degradation.
7.5
ISE Evaluate OpenSSH CVE-2024-6387 "regreSSHion"7.5
Auth Step latency for policy evaluation due to Garbage Collection activity.7.5
Cisco 2800, 3800 and 1560 series APs fail to pass traffic7.5
M500IT Model Solid State Drives on 4100/9300 may go unresponsive after 3.2 Years in service7.5
Access Points stuck in bootloop due to image checksum verification failed7.5
ISE Evaluate OpenSSH CVE-2024-6387 "regreSSHion"7.5
Auth Step latency for policy evaluation due to Garbage Collection activity.7.5
Cisco 2800, 3800 and 1560 series APs fail to pass traffic7.5
M500IT Model Solid State Drives on 4100/9300 may go unresponsive after 3.2 Years in service7.5
Access Points stuck in bootloop due to image checksum verification failed