Cisco TrustSec relies on multiple components. When authentication fails in the TrustSec environment, it may be challenging to find out root cause of the issue because you may need to look at different components. TrustSec 2.1 components include:

• Cisco ISE nodes
• Network access devices (NADs): Cisco Catalyst® Switches, Cisco Wireless LAN Controllers (WLC), Cisco ASA Adaptive Security Appliances
• Supplicants
• External identity stores

With recent enhancements, Cisco has put effort into providing a single point of view for troubleshooting by correlating switch syslog events to internal ISE events, as well as by providing interfaces on the ISE to poll for different authentication- related information on demand. Other enhancements on the ISE include a configuration validator, a TCP dump utility, and the ability to provide details about supplicant issues when the client is running Cisco AnyConnect® Network Access Manager with a certificate-based EAP type.

High-level Troubleshooting Steps