cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

150
Views
0
Helpful
3
Replies
Highlighted
Contributor

Error - EAP session abandoned

Hi Experts,

We are in middle of a migration from Great Bay NAC to Cisco ISE.

There has been migration of about 10 sites now, during these migrations what I have observed is that, newly integrated switches show some of the endpoints showing multiple EAP session abandoned logs in the live logs.
What could be causing this issue?
Since I have cleared authentication sessions for these endpoints, as well as tried shut and no shut (during the change window).
The state of the errors does not change though.
Could you point me to further troubleshoot this issue and get to a possible resolution may be?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Error - EAP session abandoned

You are correct that this is due to endpoints rather than NADs usually.

The steps section in an auth details report should give you more info. If an endpoint keeping giving you this error, you would likely need debugging on the endpoint supplicant.

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: Error - EAP session abandoned

Hi Dgaikwad,

 

This error means that the NAD (switch /WLC) did not get a response back from ISE before its radius timer expired and hence it started a new radius access request but ISE was still processing the previous request and hence did not expect a new radius access request for same user .

 

You can check the radius time out value configured on switch , delay between ISE and switch .

 

You can also check on ISE which step taking more time to process causing the delay - ISE->Operations->Radius Live Logs->Detailed live log report .

 

Regards

Contributor

Re: Error - EAP session abandoned

What I have seen is that, this happens for some of the endpoints. While rest others are connecting without any errors being reported.
Could you point out what are the attributes that I need to lookout for in the live logs for this specific endpoint?

Everyone's tags (2)
Highlighted
Cisco Employee

Re: Error - EAP session abandoned

You are correct that this is due to endpoints rather than NADs usually.

The steps section in an auth details report should give you more info. If an endpoint keeping giving you this error, you would likely need debugging on the endpoint supplicant.

View solution in original post