
Dynamic Authorization Failed

henokk60
Level 1

Hi All,

We've enabled and configured posture assessment at our HQ and branch sites, each with a different WLC. The HQ WLC is functioning correctly, but the branch WLC is consistently logging the alarm 'No response received from Network Access Device after sending a Dynamic Authorization request.' Additionally, users at the branch site get stuck on an 'Action needed' posture state for an extended period after authentication. I've already investigated and ruled out common causes found on Cisco Community forums, such as incorrect NAD IP addresses or shared secrets, network connectivity issues, and NAD configuration for Dynamic Authorization. All these settings appear to be configured correctly. I also checked the HQ and branch WLC configurations, and they are the same.

If anyone has had the same problem and knows how to resolve the issue, please assist me.

Thanks,

6 Replies

marce1000
Hall of Fame

 

@henokk60 What version of ISE are you using?

   M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Hi @marce1000, my ISE version is currently 3.3 Patch 7.

PSM
Level 1

Is CoA on the branch WLC failing all the time, or is it an intermittent issue? Have you added all the PSNs to the dynamic author client list with the correct RADIUS secret of the WLC RADIUS configuration? Also, is there any firewall on the network path between ISE and the WLC? If yes, make sure UDP port 1700 has been whitelisted on the firewall from ISE to the NAD (WLC).

@PSM The issue is intermittent. I've checked the latency, and it is 1ms, which is within an acceptable range. The shared secret key has been verified and matches, and there is no firewall between the devices that would block the traffic.

From the WLC, use the WMI interface (the interface you use in the RADIUS group) to ping ISE and check:
1- The MTU size it supports; don't forget to use the DF bit
2- Latency

Also, if there is a FW, check whether port 1700 is open or not.

MHM 

Latency is OK.
No FW.
Share the packet capture between the WMI and ISE.
To know how to use packet capture, check the link below:

https://youtu.be/7TXVqm3Rpmw?si=PEAUIr6E3IA_9ueB

In this video, learn how to collect logs and generate a debug bundle on the Cisco Catalyst 9800 Wireless Controller. We'll guide you through the steps to capture critical diagnostic data, helping you troubleshoot and resolve issues effectively to ensure optimal performance of your wireless ...