cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3242
Views
0
Helpful
4
Replies
Highlighted
Beginner

After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request dropped."

Hello,

I have a two admin node setup for ISE. I just upgraded one of my two ISE Admin nodes to Version 1.2. I still have one of my admin  nodes at 1.1.4. When I disable my Version 1.1.4 node and allow wireless authentications to be handled by the Version 1.2 node I get the message..."5413 RADIUS Accounting-Request dropped". None of my wireless edge devices will be allowed on the network during this time. When I re-enable my 1.1.4 node my wireless devices are then allowed on the network.

I am currently using ISE to authenticate wireless connectivity.

I also get the failure reason... "11038 RADIUS Accounting-Request header contains invalid Authentication field".

Any ideas?

Bob

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

4 REPLIES 4
Cisco Employee

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

Beginner

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

I have checked and my shared secret radius key matches on my ISE node Ver 1.2 and the WLC.

I am using private certificates. We are authenticating using PEAP MS-CHAP V2.

Should I try a config restore from the CLI? This would be a config restore from version 1.1.4 to version 1.2. Will this work?

Beginner

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The cure for this issue was to delete the RADIUS shared-secret and re-enter it in ISE. The shared secret was correct to begin with but it required removal and re-insertion to function properly.

Beginner

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

Bruce,

Thank you for your assist!

Bob