03-26-2020 06:03 AM
Hello,
I have Cisco ISE (VM 2.7 version) PoC deployment with RADIUS server sequence configured for MAB authentication. I use similar config in production deployment (SNS-3515-K9) with version 2.7 and I have no issue. No idea what I missed. Your help is highly appreciated. Thanks
Here is the error logs:
Event | 5405 RADIUS Request dropped |
Failure Reason | 11351 Failed to read RADIUS server sequence configuration; dropping request |
Resolution | Verify the ISE proxy service configuration. |
Root cause | ISE detected an error when trying to read the RADIUS server sequence configuration. Dropping the request. |
Solved! Go to Solution.
03-27-2020 01:39 AM
Hi,
Sometimes VM's just hang. Can you remove the External RADIUS configuration, reload ISE, reconfigure it and see if it works?
Regards,
Cristian Matei.
03-26-2020 06:29 PM
Can you share some more information about your architecture and policy configuration? The RADIUS Server Sequence is only used when ISE is acting as a RADIUS Proxy (hence, the message about the 'ISE proxy service') and forwarding RADIUS requests to a secondary RADIUS server. It is not used when ISE is the RADIUS server handling the request, which is most often the case with MAB authenticated endpoints.
For the typical scenario where ISE is authenticating and authorising the MAB endpoint, you would specify an Allowed Protocols list in the Policy Set rather than a RADIUS Server Sequence.
03-27-2020 03:48 AM
03-27-2020 01:39 AM
Hi,
Sometimes VM's just hang. Can you remove the External RADIUS configuration, reload ISE, reconfigure it and see if it works?
Regards,
Cristian Matei.
03-27-2020 08:23 AM
07-06-2020 09:30 PM
I tried the same thing and at first, it worked, but then started to fail again with the same error. In my case, I'm using a Duo RADIUS Proxy to enable MFA for VPN connections. Prior to 2.7, this worked flawlessly by using a RADIUS sequence pointing to two Duo Proxy servers. On the Duo proxy server, I configured it for RADIUS authentication back to ISE and it worked very well since ISE 2.4. After the upgrade to 2.7 with patch 1, I started seeing this error. I deleted the external RADIUS servers, removed the RADIUS sequence, rebooted both my ISE nodes, and then re-configured the external RADIUS servers and sequences. Things worked for a little bit, but then started to fail again and are currently not working.
Failure Reason | 11351 Failed to read RADIUS server sequence configuration; dropping request |
Resolution | Verify the ISE proxy service configuration. |
Root cause | ISE detected an error when trying to read the RADIUS server sequence configuration. Dropping the request. |
01-27-2021 08:36 PM
I ran into this issue today as well. ISE 2.7 p2. The RADIUS sequence was configured roughly two weeks ago and it was all working well until I saw this error today. I deleted the sequence and rebooted ISE. Then added the sequence back in (I didn't delete the two radius server entries).
Amazing(ly) shocking ... how can this be a gold star release? Basic RADIUS stuff. #not_impressed
02-26-2021 09:21 AM
I think you hit Bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw66483
I observed this with only go into the External Sequence without changing anything.
So just create it and tell everyone not to touch the sequence.....
Still not fixed with P3....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide