I keep getting error meesages on the ISE in regards to RADIUS
the error is
Dynamic Authorization failed : 1213 No response received from Network Access Device
i am using ISE version 1.1.1 and the NAD is a WLC running version 18.104.22.168
i use ISE to authenticate users via PEAP. I deleted the NAD and re-added it twice but i still keep getting this issue. this set up was working fine for the last few weeks.
i dont think location and device type would cause an issue to authentication under the NAD list
anyone have any ideas?
Solved! Go to Solution.
the option i.e drop down box wasnt there. lookin at the compatibility chart of ISE 1.1.1 and WLC, minimum version for WLC is 22.214.171.124
Do you need to have RADIUS NAC enabled if the ISE is only used to authenticate corporate wireless users against AD. there is no CoA,
the other function is to use RADIUS as network management logon. to WLC using the AD. depending on the AD group , one could get priv 15 or priv 5 access. i am also using device attribute by location so that remote offices network enigineer cannot log onto the WLC. i.e i created a NAD , put it in a location and use that location AND the AD group to qualify for priv 15 access.
Coudl this policy interrupt the wireless RADIUS policy? Wireless policy is at the top of the list under authorization tab.
Yes you can use ise as an authentication server, coa isn't necessary and if it is not being used then disable this option in the settings for profiling in the admin section. It could be that this was turned on and caused the errors.
Also if you set a condition for service-type, you can determine if the radius request is for dot1x or device login.
Service-type=framed is for dot1x
Service-type=login is for device admin
It might be in the reports section.