11-22-2021 06:37 AM
Dear,
I am facing an issue with my ISE server, relative to the event "5436 RADIUS packet already in the process".
Indeed, I manage the network access (autentication & authorisation) of my wireless Guest network through an ISE server (radius). All the the wifi guest clients connect to Light Weight Access Point which are centrally managed by Cisco Controllers (WLC).
The WLC redirects client to the ISE server portal in order to create himself his credentials for the first time. Once done and every time the client will be authenticated, the ISE server sends the "change of authorisation" to WLC in order to grant him network access.
Since a while, a lot wifi Guest clients can't access to the wifi Guess network because they can't submit again the network access request due to the error message "5436 RADIUS packet already in the process" find out in the ISE Work Centers Reports.
Does anyone can help me ?
Solved! Go to Solution.
11-22-2021 02:46 PM
There are various reasons you could be seeing the 5436 events. It could be related to bugID CSCvt34876, but there is not enough information to provide much meaningful assistance.
You mention CoA... are you seeing any CoA failure logs? Have you confirmed that CoA (RFC-3576) is enabled on the controller?
What has happened "since a while"? ISE or WLC software updates, changes, etc?
Please see How to Ask the Community for Help and open a TAC case if this an urgent issue.
11-30-2021 12:51 PM
As Greg said, we are missing any real details. I suggest you create a TAC case if Guests are unable to get network access and you may need to do a packet capture to understand the exact packet flow from the WLC.
Message Code: 5436
Severity: WARN
Message Text: RADIUS packet already in the process
Message Description: Ignoring this request because it is a duplicate of another packet that is currently being processed
Local Target Message Format: <timestamp> <seq_num> 5436 WARN RADIUS: RADIUS packet already in the process, <log details>
Remote Target Message Format: <pri_num> <timestamp> <IP address/hostname> <CISE_logging category> <msg_id> <total seg> <seg num><timestamp> <seq_num> 5436 WARN RADIUS: RADIUS packet already in the process, <log details>
11-22-2021 02:46 PM
There are various reasons you could be seeing the 5436 events. It could be related to bugID CSCvt34876, but there is not enough information to provide much meaningful assistance.
You mention CoA... are you seeing any CoA failure logs? Have you confirmed that CoA (RFC-3576) is enabled on the controller?
What has happened "since a while"? ISE or WLC software updates, changes, etc?
Please see How to Ask the Community for Help and open a TAC case if this an urgent issue.
11-23-2021 09:46 AM
Dear Greg,
Thank you for your reply.
The issue started without any network changes, no upgrade.
The CoA is indeed enabled on my ISE server.
But when checking Radius live logs of failed authentications, I am not seeing any log of CoA.
When looking at Operations/Reports/Diagnostics/ISE counters, I saw this counter relative to the CoA :
Counter Attribute Threshold => TC-NAC: CoA Issued | UCS_SMALL | 250
When looking at Operations/Reports/Diagnostics/Misconfigured NAS, I saw the following messages several times for different endpoints. I showed below for only one endpoint device but there are some in xlsx file in attchment :
Message => NAS conducted several failed authentications of the same scenario,
Failure Reason : 12929 NAS sends RADIUS accounting update messages too frequently
Details :
ConfigVersionId=67,Device IP Address=x.x.x.x,Device Port=32772,DestinationIPAddress=y.y.y.12,DestinationPort=1813,RadiusPacketType=AccountingRequest,UserName=48-FD-A3-B3-E6-F2,Protocol=Radius,RequestLatency=1,NetworkDeviceName=WLC1,User-Name=48-FD-A3-B3-E6-F2,NAS-Port=1,Framed-IP-Address=w.w.5.63,Class=CACS:03025d0a007a7d007c189d61:ISE_1/426340496/4488658,Called-Station-ID=64-9e-f3-65-b1-80,NAS-Identifier=WLC1,Acct-Status-Type=Interim-Update,Acct-Delay-Time=0,Acct-Input-Octets=19016,Acct-Output-Octets=18845,Acct-Session-Id=619d187c/48:fd:a3:b3:e6:f2/8064786,Acct-Authentic=RADIUS,Acct-Session-Time=434,Acct-Input-Packets=123,Acct-Output-Packets=93,Acct-Input-Gigawords=0,Acct-Output-Gigawords=0,Event-Timestamp=1637685806,NAS-Port-Type=Wireless - IEEE 802.11,Tunnel-Type=(tag=0) VLAN,Tunnel-Medium-Type=(tag=0) 802,Tunnel-Private-Group-ID=(tag=0) 921,cisco-av-pair=audit-session-id=03025d0a007a7d007c189d61,Airespace-Wlan-Id=7,NetworkDeviceProfileName=Cisco,NetworkDeviceProfileId=730d45ba-a3d3-49a8-9e07-a20ca3dae75b,IsThirdPartyDeviceFlow=false,SSID=64-9e-f3-65-b1-80,AcsSessionID=ISE_1/426340496/4492143,SelectedAccessService=Wireless_Protocols,Step=11004,Step=11017,Step=15049,Step=15008,Step=15004,Step=22094,Step=11005,Step=12929,Step=5435,NetworkDeviceGroups=Location#All Locations#All Wireless Location,NetworkDeviceGroups=Device Type#All Device Types#Wireless,CPMSessionID=03025d0a007a7d007c189d61,EndPointMACAddress=48-FD-A3-B3-E6-F2,ISEPolicySetName=Wireless,AllowedProtocolMatchedRule=MAB,StepData=4=MAB,DTLSSupport=Unknown,RadiusFlowType=WirelessMAB,Network Device Profile=Cisco,Model Name=AIR-CT8510-K9,Software Version=7.6.130.21,Location=Location#All Locations#All Wireless Location,Device Type=Device Type#All Device Types#Wireless
Does this give you more details ? If you need specific informations, I can provide it.
Thanks !
11-30-2021 12:51 PM
As Greg said, we are missing any real details. I suggest you create a TAC case if Guests are unable to get network access and you may need to do a packet capture to understand the exact packet flow from the WLC.
Message Code: 5436
Severity: WARN
Message Text: RADIUS packet already in the process
Message Description: Ignoring this request because it is a duplicate of another packet that is currently being processed
Local Target Message Format: <timestamp> <seq_num> 5436 WARN RADIUS: RADIUS packet already in the process, <log details>
Remote Target Message Format: <pri_num> <timestamp> <IP address/hostname> <CISE_logging category> <msg_id> <total seg> <seg num><timestamp> <seq_num> 5436 WARN RADIUS: RADIUS packet already in the process, <log details>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide