Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
1000
Views
0
Helpful
1
Comments

External RADIUS dead timer behavior

wileong
Cisco Employee
Cisco Employee
‎05-03-2020 07:03 AM

For ISE 2.4 with External RADIUS server. As per this document - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html

 

Does ISE mark External RADIUS as dead based on the request send by ISE or ISE has a dedicated heartbeat to monitor External RADIUS server?

In a test environment, Duo Auth Proxy is configured as external RADIUS server with NO communication issue between both server, Duo Push works fine and user able to approve push as expected. Issue is when user deliberately ignoring "Push" and Duo Push will timeout as expected. During testing if user deliberately ignore Duo Push and timeout, ISE mark Duo as dead and 5 mins dead timer kicks in. Is this an expected behaviour and how to avoid ISE marking Duo as dead in this very likely test case?

 

Thanks

Wing Churn 

 

0 Helpful
1 Comment
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents