06-15-2020 01:54 AM
Hi all!
I am getting a lot of "Misconfigured Network Device Detected" alarms from one of my newly added device in ISE. I know that this usually means either misconfigured secret key and deleting and adding device and key on device side is solving the issue but the problem is after each of this alaram there is next "fixed" alarm coming like in below attached screenshot:
What can be the cause of this issue? Is it bug and do I need to disable the alarm?
06-15-2020 04:27 AM
Maybe the configured IP is already in use for another device that is working correctly?
06-19-2020 02:18 AM
Nope, not a option.
06-15-2020 06:49 AM
This can occur if the NAD sends multiple accounting events in a given time. You can configure ISE to suppress and ignore repeated updates within a configured window. See Administration->System->Settings->Protocols->RADIUS. Also, for a deeper understanding take a peek at the 'Radius Settings' section found here: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/b_threat_containment_2_4.html
06-15-2020 06:52 PM
06-19-2020 02:18 AM
After each 1 or 2 hours! Device is WLC
06-21-2020 05:14 PM
If you have not done so, you might check your WLC configuration against the Top Six Important Cisco WLC settings for ISE integration
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide