Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Dynamic Authorization Failed - Posture with Guest Portal - ISE - WLC

Abdallah Anouar
Level 1
Level 1

‎04-30-2015 12:31 PM - edited ‎03-10-2019 10:42 PM

Hello everybody,

I'm implementing a NAC solution based on Cisco ISE. Unfortunately, I'm facing a problem related to the CoA (Change of Authorization).

The guest can authenticate successfully via portal and then he is redirected to the page of client provisioning.

When he is compliant with the policy he gets access without any problem and this means that CoA works perfectly. The issue occurs when he has to remediate (download the file from ISE and install it). In this case, we need a change of authorization profile.

The authentication logs show that the posture status changed from non-compliant to compliant but the users doesn't obtain access .

Here are details :

Authentication Details

Source Timestamp

2015-04-30 18:43:13.179

Received Timestamp

2015-04-30 18:43:13.18

Policy Server

ISE-CISCO

Event

5417 Dynamic Authorization failed

Failure Reason

11213 No response received from Network Access Device after sending a Dynamic Authorization request

Resolution

Check the connectivity between ISE and Network Access Device. Ensure that ISE is defined as Dynamic Authorization Client on Network Access Device and that CoA is supported on device.

Root cause

No response received from Network Access Device after sending a Dynamic Authorization request

Username

 

User Type

 

Endpoint Id

E0:9D:31:07:**:**

Endpoint Profile

 

IP Address

 

Identity Store

 

Identity Group

 

Audit Session Id

ca0019ac00000003ae674255

Authentication Method

 

Authentication Protocol

 

Service Type

 

Network Device

WLC-1

Device Type

 

Location

 

NAS IP Address

172.25.0.202

NAS Port Id

 

NAS Port Type

 

Authorization Profile

 

Posture Status

Compliant

Security Group

 

Response Time

15002

 

Other Attributes

ConfigVersionId

4

RadiusPacketType

CoARequest

Event-Timestamp

1430415778

AcsSessionID

50149c2f-08fb-4f9d-b1b5-f655e71d039f

StepLatency

3=15001

Device IP Address

172.25.0.202

CiscoAVPair

subscriber:command=reauthenticate

audit-session-id

ca0019ac00000003ae674255

 

Session Events

2015-04-30 18:43:13.18

Dynamic Authorization failed

2015-04-30 18:41:44.159

Dynamic Authorization failed

2015-04-30 18:35:42.64

Guest Authentication Passed

2015-04-30 18:34:39.214

RADIUS Accounting start request

3 people had this problem
Labels:
0 Helpful
Who Me Too'd this topic