Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1184
Views
5
Helpful
4
Replies

No Authentications in the last 15 minutes

Go to solution
dgaikwad
Level 5
Level 5

‎03-23-2022 11:55 PM

Hi Experts,

I am seeing this error being reported for every 15 minutes.
And clicking on details button is greyed out.
Currently running ISE 2.7 with patch 3.

Is there any ways to suppress this message?
It does seem to be reported for 2.7 as a bug, and patch fix is not listed: Cisco Bug: CSCvw21033 - ENH: ISE: "ISE Authentication Inactivity" alarm - no details available

Any suggestions.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to dgaikwad

‎08-26-2022 09:25 PM

While the alarm doesn't have anything to indicate it, this is per node. There are a couple enhancement requests to improve it, but alas it's still a general alarm for now. Given that all of your authentication is being directed at one node, the second one is likely throwing this alarm accurately. 

I would suggest splitting your load 50/50, no reason to make a single node process all requests. 

There are scenarios where the alarm occurs because of log ingestion issues, but those are not very common. 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Octavian Szolga
Level 4
Level 4

‎03-24-2022 02:25 AM

Hi,

 

The alarm is pretty obvious. Because ISE is basically a RAIDUS server used for wired/wifi (MAB/802.1x) or VPN (pure RADIUS) environments, it raises an alarm when it's not used, because it's considered unusual. A network that uses ISE for all 3 network connectivity options (wired/wifi/VPN) should almost always send to ISE some auth requests.

 

If your network is not that noisy, you can disable the alarm itself from Administration > System Settings > Alarm Settings >

ISE Authentication Inactivity.
 
BR,
Octavian

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-24-2022 11:35 AM

If you are testing ISE in a lab, this can be quite normal because you may only have a few devices connecting infrequently.

However, depending on your configured session timeouts, for almost all production networks with more than few hundred endpoints, it should be extremely alarming (literally) not to see one single authentication for 15 minutes. This would indicate an anomalous lack of endpoint authentication requests coming into ISE which means something is likely to be down or misconfigured.

You provided no details about your actual request traffic or patterns to confirm or deny which is happening.

If you are getting this alarm and do have one or more requests every 15 minutes, call TAC and file a bug.

 

0 Helpful

Go to solution
dgaikwad
Level 5
Level 5

‎08-26-2022 01:10 AM

All the wireless traffic is being sent to just one SSID and this SSID has the two PSNs configured for it.
Seems that only one PSN receiving the RADIUS traffic and this alarm being generated.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to dgaikwad

‎08-26-2022 09:25 PM

While the alarm doesn't have anything to indicate it, this is per node. There are a couple enhancement requests to improve it, but alas it's still a general alarm for now. Given that all of your authentication is being directed at one node, the second one is likely throwing this alarm accurately. 

I would suggest splitting your load 50/50, no reason to make a single node process all requests. 

There are scenarios where the alarm occurs because of log ingestion issues, but those are not very common. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents