03-23-2022 11:55 PM
Hi Experts,
I am seeing this error being reported for every 15 minutes.
And clicking on details button is greyed out.
Currently running ISE 2.7 with patch 3.
Is there any ways to suppress this message?
It does seem to be reported for 2.7 as a bug, and patch fix is not listed: Cisco Bug: CSCvw21033 - ENH: ISE: "ISE Authentication Inactivity" alarm - no details available
Any suggestions.
Solved! Go to Solution.
08-26-2022 09:25 PM
While the alarm doesn't have anything to indicate it, this is per node. There are a couple enhancement requests to improve it, but alas it's still a general alarm for now. Given that all of your authentication is being directed at one node, the second one is likely throwing this alarm accurately.
I would suggest splitting your load 50/50, no reason to make a single node process all requests.
There are scenarios where the alarm occurs because of log ingestion issues, but those are not very common.
03-24-2022 02:25 AM
Hi,
The alarm is pretty obvious. Because ISE is basically a RAIDUS server used for wired/wifi (MAB/802.1x) or VPN (pure RADIUS) environments, it raises an alarm when it's not used, because it's considered unusual. A network that uses ISE for all 3 network connectivity options (wired/wifi/VPN) should almost always send to ISE some auth requests.
If your network is not that noisy, you can disable the alarm itself from Administration > System Settings > Alarm Settings >
03-24-2022 11:35 AM
If you are testing ISE in a lab, this can be quite normal because you may only have a few devices connecting infrequently.
However, depending on your configured session timeouts, for almost all production networks with more than few hundred endpoints, it should be extremely alarming (literally) not to see one single authentication for 15 minutes. This would indicate an anomalous lack of endpoint authentication requests coming into ISE which means something is likely to be down or misconfigured.
You provided no details about your actual request traffic or patterns to confirm or deny which is happening.
If you are getting this alarm and do have one or more requests every 15 minutes, call TAC and file a bug.
08-26-2022 01:10 AM
All the wireless traffic is being sent to just one SSID and this SSID has the two PSNs configured for it.
Seems that only one PSN receiving the RADIUS traffic and this alarm being generated.
08-26-2022 09:25 PM
While the alarm doesn't have anything to indicate it, this is per node. There are a couple enhancement requests to improve it, but alas it's still a general alarm for now. Given that all of your authentication is being directed at one node, the second one is likely throwing this alarm accurately.
I would suggest splitting your load 50/50, no reason to make a single node process all requests.
There are scenarios where the alarm occurs because of log ingestion issues, but those are not very common.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: