Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
4
Helpful
4
Replies

High Authentication Latency for Radius

Go to solution
Amar_Tufo
Level 1
Level 1

‎03-04-2024 10:13 AM

Hello everybody,

We are expiriencing lately hughe number of High auth latency alarms on our Ise deployment. Version 3.2 with patch version 3.

The use scenario is as follows. We use ISE as an radius server for ssh logins on remote devices, and on that basis is also our daily device configuration backup configured. An AD account is being used from a server that logs in to the devices and back ups their configuration. That's when multiple alarms occur, because the server does the same to multiple devices. This sometimes occur when we as admins log into devices, but not that often.

The log stats this:

15036   Evaluating Authorization Policy

                15048   Queried PIP - Normalised Radius.RadiusFlowType

                15048   Queried PIP - Network Access.EapChainingResult

                15048   Queried PIP - Normalised Radius.RadiusFlowType

                15048   Queried PIP - Network Access.UserName (step latency=8029  ms Step latency=8029 ms)

                15048   Queried PIP - IdentityGroup.Name (step latency=2696  ms Step latency=2696 ms)

                15048   Queried PIP - Normalised Radius.RadiusFlowType (6 times)

                15048   Queried PIP - IdentityGroup.Name (step latency=2670  ms Step latency=2670 ms)

We never experienced this before, searched online has someone the same problem, but without any lead. Can some please give me a hint where to look at, or at least briefly explain what Quered PIP is about?

Thanks

1 Accepted Solution

Accepted Solutions

Go to solution
Amar_Tufo
Level 1
Level 1
In response to adamscottmaster2013

‎03-04-2024 11:34 PM

Reloading the nodes seems to calmed the situation. Last night we recieved no alarms at all. Thank you for your suggestion, will try tcpdump if the alarm happens again.

View solution in original post

4 Replies 4

Go to solution
adamscottmaster2013
Level 3
Level 3

‎03-04-2024 11:57 AM

@Amar_Tufo:  Are you integrating AD with Cisco ISE?  Does it mean your account come from Active Directory?  

I have both ISE 3.1 patch-8 and ISE 3.2 patch-5 running in my environment and I also notice that this is an issue whenever Active Directory has issue or is going under patching/maintenance.  To confirm the issue, I would suggest you run tcpdump on the ISE and filter out all the Active Directory servers.  Then looks at the tcpdump and match the time when the issue occur, it will tell you the culprit, most likely Active Directory.

Go to solution
Amar_Tufo
Level 1
Level 1
In response to adamscottmaster2013

‎03-04-2024 01:22 PM

Yes accounts are from Active Directory. Hardly doubt that the AD is under patching and maintenance, as this occurs at time where no one is working and occurs three days in a row. But I'll try your sugestion, thank you.

Go to solution
adamscottmaster2013
Level 3
Level 3
In response to Amar_Tufo

‎03-04-2024 06:40 PM

@Amar_Tufo:  instead of speculating or guessing, you can confirm this by perform tcpdump on the ISE itself and analyze it when the issue occurs.  That way you will know for sure.

0 Helpful

Go to solution
Amar_Tufo
Level 1
Level 1
In response to adamscottmaster2013

‎03-04-2024 11:34 PM

Reloading the nodes seems to calmed the situation. Last night we recieved no alarms at all. Thank you for your suggestion, will try tcpdump if the alarm happens again.

Customers Also Viewed These Support Documents