Re: Cisco ISE - RADIUS Authentication

M Talha · ‎12-13-2024

Hi All,

I am currently testing (ISE 3.3 patch 4) behind F5 load balancer and able to successfully authenticate TACACS request. Although when I am trying to authenticate endpoints for RADIUS, receiving getting below logs. Currently in the production environment (ISE 2.7) is running smoothly. Should I need to check and specific thing to get this RADIUS authentication issue sorted ?

1.

2.

MHM Cisco World · ‎12-13-2024

I will send you some points to check

Thanks for waiting

MHM

thesbrown · ‎05-15-2025

Hello MHM,

Could you also send me the points to check?

Flavio Miranda · ‎12-13-2024

@M Talha

How is your ISE deployment? It is one box or multiple box?

If multiple, you may face issue when the F5 load balance the traffic and send the traffic to a new box and not the one that started the process with the end point device.

If that is the case, you need check NAT config on the LB and you may need Virtual server for IP Forwarding

On this link below you will find all the information you need.

https://community.cisco.com/t5/security-knowledge-base/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159

thesbrown · ‎05-15-2025

Did you find a solution to this?

M Talha · ‎05-20-2025

Yes sorted out the issue as it was certificate related. Enabled EAP authentication on the certificate and it worked.