Cisco ISE - 5413 Radius Accounting-Request dropped

danielesquaranti · ‎08-03-2021

Hi,

I have a problem with the configuration of our Cisco ISE.

In the Radius logs we receive the messages the I attach.

But the Cisco ISE still manages to authenticate clients and authorize them with the correct policy...

Anyone that have any idea?

Thanks

Mike.Cifelli · ‎08-03-2021

For the community to better assist please provide additional info such as:

-AAA config

-ISE version

-ISE deployment type (ex: 2 PANs, 2 PSNs, etc.)

-NAD Platform/IOS version

Does this happen for all NADs? Usually this is an issue with a shared secret mismatch. However, if clients are onboarding successfully then the issue is something else. Note that it could be bug related depending on versions.

danielesquaranti · ‎08-04-2021

The Issue happen only with the WLC - with switches everything works fine.

We have only one ISE.

ISE version: 2.4.0.357

Cisco WLC 3500 series: 8.5.140.0 software version

AAA configs are attached.

Thanks for Reply

Mike.Cifelli · ‎08-04-2021

Have you tried re-entering the shared secret on the WLC side under the AAA server accounting configuration yet? Not familiar with 3500 series, but I know with the 5500 series for the AAA server config there are two different sections where you have to enable/configure AAA servers for both authentication & accounting. My thinking is that maybe there is a typo, if clients are successfully onboarding then that means the AAA authentication server shared secret is accurate. Maybe the AAA accounting server shared secret is off.

thomas · ‎08-04-2021

I agree with Mike - verify you RADIUS Shared Secret on the device and in ISE for that device.

The original error was telling you the solution: