Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7300
Views
0
Helpful
4
Replies

Live logs report error 5436

Go to solution
dgaikwad
Level 5
Level 5

‎12-10-2018 05:14 AM

Hi Experts,

 

While working with a third party NAD, Juniper 4200EX, today I started to get this error while testing for some of the use-cases.

While this was working fine till last week, today, the test machine was restarted and then post login to the machine, NAM kept popping for user credentials. And every time the user entered credentials this error was reported on live logs: 5436 RADIUS packet already in the process.

There has been no changes made to the configuration earlier, the ISE policies and profiles are the same.

The only change that was there, was to move the user's computer to admin groups to allow him to install/uninstall symantec antivirus, to allow us perform negative testing.

 

Following is the test setup that we have:

ISE 2.3.0.298 Patch 3

AnyConnect with NAM: 4.5.04029

Juniper 4200EX: 15.1R7.8

 

Any pointers appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎12-10-2018 09:35 AM

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-10-2018 06:05 AM

I would make sure it’s not getting suppressed. Have you tried marking unsuppressed in live logs? The you can troubleshoot further
0 Helpful

Go to solution
dgaikwad
Level 5
Level 5
In response to Jason Kunst

‎12-10-2018 11:59 PM

I see that under Suppression reports, no other setting has been enabled:

Suppression reports.JPG

I am going to work with that engineer today and see if could capture some debug logs from the switch itself.

Any ideas that you could suggest for this issue?

 

Thank you!

 

 

0 Helpful

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎12-10-2018 09:35 AM

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.
0 Helpful

Go to solution
dgaikwad
Level 5
Level 5
In response to Surendra

‎12-13-2018 10:51 PM

As off now they are not in a position to do an upgrade. But would like to get some more details about this issue.

 

Any idea why would this happen?

As this is something that could easily pop-up in a production environment.

0 Helpful
Customers Also Viewed These Support Documents