Endpoint Abandoned EAP Session and Started New (Wired/Wireless)

fatalXerror · ‎09-05-2016

Hi Guys,

Good Day!

Do you know what is the reason and resolution about this error that I saw in my ISE 2.1? Does it related to the timers in my Catalysts and WLCs?

The thing is, some can authenticate successfully and some are not and getting this error.

Do you have any resolutions?

Thanks.

Gagandeep Singh · ‎09-11-2016

Hi,

"5440 Endpoint abandoned EAP session and started new".

This issue occurs when the ISE did not receive the requisite radius packet in time and there is a timeout.
There can be many reasons for this, namely:

1.] Latency on ISE/Active Directory when it had to respond to a radius packet, i.e. due to some reason the ISE was busy
to process this request and had latency in sending out a packet, e.g. an Access Challenge
2.] Latency on NAD, when a packet was stuck in transit, due to many reasons, e.g. high traffic at the port
3.] Latency on the endpoint, when it did not respond to a EAP packet in time.

Workaround: Is to play around with the EAP timers.

https://supportforums.cisco.com/document/46101/eap-timers-wireless-lan-controllers

Regards

Gagan

PS: rate if it helps!!!

fatalXerror · ‎09-12-2016

Hi gagsing3,

Good Day!

Based on your experiences, what would be the best value for timers for this issue to be resolve?

Thanks

Gagandeep Singh · ‎09-13-2016

Hi ,

You can follow the document

https://supportforums.cisco.com/document/46101/eap-timers-wireless-lan-controllers

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html#anc7

Regards

Gagan

PS: rate if it helps!!!!