https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3551515#M503719 <HTML><HEAD></HEAD><BODY><P>Not exactly. The options for the server timeout and the number of connection attempts are for every request and influence when will ISE mark a server as dead. Once marked dead, ISE will skip the dead server for 5 minutes and not send any requests to it.</P></BODY></HTML> Mon, 16 Jul 2018 11:36:50 GMT hslai 2018-07-16T11:36:50Z https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3551514#M503718 <HTML><HEAD></HEAD><BODY><P>Hello ,</P><P></P><P>I have read the below document on&nbsp; how an external RADIUS server can be configured as an authentication server on Identity Services Engine (ISE) where ISE acts a proxy and as an authorization server as well.</P><P></P><P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html" title="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on…</A></P><P></P><P></P><P style="color: #000000; font-size: 12pt; font-family: Calibri, sans-serif;"><SPAN lang="EN-US" style="font-size: 10.5pt; font-family: CiscoSans, sans-serif; color: #58585b; background-color: white;">The default <STRONG>dead time </STRONG>for external RADIUS Servers in ISE is <STRONG>5 minutes</STRONG>. This value is hardcoded and cannot be modified as of this version.</SPAN></P><P></P><P style="color: #000000; font-size: 12pt; font-family: Calibri, sans-serif;"><SPAN lang="EN-US" style="font-size: 11pt;">Can I suppose that if I set the <STRONG>server timeout</STRONG> and <STRONG>connection attempt</STRONG> can I modify definitively the dead time of external radius?</SPAN></P></BODY></HTML> Mon, 16 Jul 2018 08:57:28 GMT https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3551514#M503718 nmourtzi 2018-07-16T08:57:28Z https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3551515#M503719 <HTML><HEAD></HEAD><BODY><P>Not exactly. The options for the server timeout and the number of connection attempts are for every request and influence when will ISE mark a server as dead. Once marked dead, ISE will skip the dead server for 5 minutes and not send any requests to it.</P></BODY></HTML> Mon, 16 Jul 2018 11:36:50 GMT https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3551515#M503719 hslai 2018-07-16T11:36:50Z https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3751855#M503720 <P>Is the RADIUS server marked dead for the whole deployment or is this on a per node basis?</P> <P>Some further questions:</P> <P>What happens if all servers are dead in the sequence? Will ISE try to contact a server anyways, as the newer switches do as well or will there be just no authentication attempts at all during those five minutes?</P> <P>Also does ISE switch to the second Server in the sequence after the first timeout as seen on some switches or does it only attempt the next server after all retries failed?</P> Fri, 23 Nov 2018 10:52:24 GMT https://community.cisco.com/t5/network-access-control/external-radius-server-on-ise-dead-time/m-p/3751855#M503720 Philipp Staiger 2018-11-23T10:52:24Z