Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
3
Replies

Reauthentication Request issue

Kamran Mustafayev
Level 6
Level 6

‎03-03-2026 10:33 PM

Hi Everyone,

ISE 3.2.0.542 patch 2,7

Our WLC is 9800 17.12.6 version

We recently noticed that user connecting to the network and being connected, but then for some unknown reason it send second authentication request to Cisco ISE and we see this log:

1204 Received reauthenticate request
11220 Prepared the reauthenticate request
11100 RADIUS-Client about to send request - ( port = 1700 , type = Cisco CoA )
11104 RADIUS-Client request timeout expired ( [step latency=15012 ms] Step latency=15012 ms)
11213 No response received from Network Access Device after sending a Dynamic Authorization request

Event 5417 Dynamic Authorization failed
Failure Reason 11213 No response received from Network Access Device after sending a Dynamic Authorization request

However user is ok and working fine

Anyone faced such problem? Then only thing we added recently is Posture Reassestment Policy (PRA)

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎03-03-2026 11:15 PM 

Anyone faced such problem? Then only thing we added recently is Posture Reassestment Policy (PRA)

Since you recently added Posture Reassessment (PRA), ISE is now proactively sending CoA requests at defined intervals.Review the PRA interval. If it is too aggressive, it may trigger these errors more frequently during roaming events.

Also check  and Ensure that port 1700 is open in both directions between your ISE PSN nodes and the WLC management/redundancy interface.

5417 Dynamic Authorization failed
Applies to: All EAP types and MAB
Possible Causes: NAD is not configured with change of authorization (CoA) from ISE PSN.
Resolution : Check the connectivity between ISE and the NAD. Ensure that ISE is defined as
             the dynamic authorization client on NAD and that CoA is supported on device

Failure Reason 11213 - check below post :

https://community.cisco.com/t5/network-access-control/11213-no-response-received-from-network-access-device-after/td-p/3874051

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Kamran Mustafayev
Level 6
Level 6

‎03-04-2026 12:13 AM

Hi, 1700 is open and works fine, PRA set to 1 hour with 5 min default grace, I noticed it happens only in the morning when most of users comes to the office

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Kamran Mustafayev

‎03-04-2026 05:10 AM

may be peak hours issue, so need to look different devices any thing stopping due to high load in the network.

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents