08-06-2018 09:46 AM
We are using a netscaller to load balance radius requests to our PSNs nodes for 802.1x. When I go from a cisco switch directly to the PSN nodes it works fine. When we try to pass it through the LB we get the "5440 Endpoint abandoned EAP session and started new" error. We are doing EAP-TLS with certificates.
Solved! Go to Solution.
08-06-2018 12:34 PM
The issue suggests that you do not have persistence configured properly on the Netscaler LB. See Cisco Live session BRKSEC-3699 (reference version) posted to ciscolive.com (requires one-time free registration) for additional details on persistence as well as Citrix examples. Direct link:
This is an example based on Calling Station ID:
add lb vserver radius-auth RADIUS 172.16.0.16 1812 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
add lb vserver radius-acct RADIUS 172.16.0.16 1813 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
set lb group RADIUS-Calling-Station-ID -persistenceType RULE -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)
Craig
08-06-2018 12:34 PM
The issue suggests that you do not have persistence configured properly on the Netscaler LB. See Cisco Live session BRKSEC-3699 (reference version) posted to ciscolive.com (requires one-time free registration) for additional details on persistence as well as Citrix examples. Direct link:
This is an example based on Calling Station ID:
add lb vserver radius-auth RADIUS 172.16.0.16 1812 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
add lb vserver radius-acct RADIUS 172.16.0.16 1813 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
set lb group RADIUS-Calling-Station-ID -persistenceType RULE -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)
Craig
08-06-2018 01:51 PM
What should we have the connection type and settings set to?
08-06-2018 04:04 PM
I would start with Least Connections and see if that shows even distribution of ISE sessions. https://docs.citrix.com/en-us/netscaler/11/traffic-management/load-balancing/load-balancing-customizing-algorithms/leastconnection-method.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide