09-12-2012 12:45 AM - edited 03-10-2019 07:32 PM
Hi,
I keep getting error messages on the ISE in regards to RADIUS.
The error is:
Dynamic Authorization failed : 1213 No response received from Network Access Device
I am using ISE version 1.1.1 and the NAD is a WLC running version 7.0.98.0.
I use ISE to authenticate users via PEAP. I deleted the NAD and re-added it twice but I still keep getting this issue. This setup was working fine for the last few weeks.
I don't think location and device type would cause an issue to authentication under the NAD list.
Anyone have any ideas?
- Labels: AAA
Accepted Solutions
09-12-2012 05:48 PM
Is the option not there or was it not set? I can't remember if your version has RADIUS NAC.
Either way, if it was disabled, it could have been set and it wasn't saved and reverted after a reboot.
09-12-2012 04:25 AM
Yes, the issue may be related to RADIUS NAC not being configured in the advanced settings of the SSID. Please check and see if it goes away. I can't remember if RADIUS NAC is in the code you are running.
09-12-2012 05:14 PM
Hi,
This solution was working fine, i.e. with the current versions of ISE and 7.0.98.0.
I had a look at the advanced settings on the WLC and RADIUS NAC isn't there.
Why would it stop working suddenly...
09-12-2012 06:27 PM
The option, i.e. the drop-down box, wasn't there. Looking at the compatibility chart of ISE 1.1.1 and WLC, the minimum version for WLC is 7.2.103.0.
Do you need to have RADIUS NAC enabled if the ISE is only used to authenticate corporate wireless users against AD? There is no CoA.
The other function is to use RADIUS for network management logon to the WLC using AD. Depending on the AD group, one could get priv 15 or priv 5 access. I am also using the device attribute by location so that remote offices' network engineers cannot log on to the WLC, i.e. I created a NAD, put it in a location and use that location AND the AD group to qualify for priv 15 access.
Could this policy interrupt the wireless RADIUS policy? The wireless policy is at the top of the list under the authorization tab.
09-12-2012 06:53 PM
Yes, you can use ISE as an authentication server. CoA isn't necessary, and if it is not being used then disable this option in the settings for profiling in the admin section. It could be that this was turned on and caused the errors.
Also, if you set a condition for Service-Type, you can determine if the RADIUS request is for dot1x or device login.
Service-type=framed is for dot1x
Service-type=login is for device admin
It might be in the reports section.
Thanks
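
Added example, not part of the original thread: the Service-Type split described in the reply above, applied to raw Access-Request packets the way a policy condition would see them. Attribute type 6 and the values Login=1 and Framed=2 are from RFC 2865; the function names, branch labels and sample packets are constructed for illustration.

```python
import struct

ACCESS_REQUEST = 1
SERVICE_TYPE = 6                           # RADIUS attribute type (RFC 2865)
BRANCH = {2: "dot1x", 1: "device-admin"}   # Framed=2, Login=1

def build_access_request(ident, attrs):
    """Build a constructed Access-Request for the demo (zeroed authenticator)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return (code, [(type, value), ...]); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def classify(packet):
    """Map an Access-Request to the policy branch named in the reply."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_REQUEST:
        return "not-access-request"
    for atype, value in attrs:
        if atype == SERVICE_TYPE and len(value) == 4:
            return BRANCH.get(struct.unpack("!I", value)[0], "other-service-type")
    return "no-service-type"

# Constructed sample packets: User-Name (1) plus Service-Type (6).
DOT1X = build_access_request(1, [(1, b"alice"), (6, struct.pack("!I", 2))])
ADMIN = build_access_request(2, [(1, b"netadmin"), (6, struct.pack("!I", 1))])

if __name__ == "__main__":
    for pkt in (DOT1X, ADMIN):
        print(classify(pkt))
```

A request that carries no Service-Type returns "no-service-type", so a rule keyed on this attribute needs an explicit fallback branch for such requests.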
11-08-2012 07:33 AM
On your WLC you also have to enable "Support for RFC 3576" under:
Security > AAA > RADIUS > Authentication > Your RADIUS Server
