
NADs send RADIUS accounting too frequently

Hi Gentlemen

I have a stack of "WS-C2960S-48LPS-L" switches running 15.2(2a)E1 with dot1x/MAB AAA on the access ports.

Everything is OK except that the stack sends extra RADIUS accounting requests (thousands; every 5 seconds for each already authenticated endpoint; checked with tcpdump on the ISE).

Searching for a bug didn't succeed. Can anyone help with it, please?

#show radius server-group radius-dot1x
Server group radius-dot1x
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
Server(<IP1>:1812,1813) Transactions:
Authen: 196 Author: 0 Acct: 127678
Server_auto_test_enabled: TRUE
Keywrap enabled: FALSE
Server(<IP2>:1812,1813) Transactions:
Authen: 0 Author: 0 Acct: 338
Server_auto_test_enabled: TRUE
Keywrap enabled: FALSE

 

Relevant config:
aaa group server radius radius-dot1x
aaa authentication dot1x default group radius-dot1x
aaa authorization exec default group radius-dot1x if-authenticated
aaa authorization network default group radius-dot1x
aaa accounting update newinfo periodic 1440
aaa accounting dot1x default start-stop group radius-dot1x
aaa group server radius radius-dot1x
 server name PSN1
 server name PSN2
radius server PSN1
 address ipv4 <IP1> auth-port 1812 acct-port 1813
 automate-tester username <testuser> probe-on ignore-acct-port
 key <ISEKEY>
radius server PSN2
 address ipv4 <IP2> auth-port 1812 acct-port 1813
 automate-tester username <testuser> probe-on ignore-acct-port
 key <ISEKEY>
device-sensor accounting
device-sensor notify all-changes

Typical port:
interface GigabitEthernet2/0/40
 description ACCESS PORTS
 switchport access vlan <DATAVLAN>
 switchport mode access
 switchport voice vlan <VOICEVLAN>
 ip access-group ACL-PreAuth in
 authentication control-direction in
 authentication event fail action next-method
 authentication event server dead action authorize vlan <DATAVLAN>
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 dot1x pae authenticator
 dot1x timeout tx-period 5
 spanning-tree portfast
end

4 Replies

balaji.bandi
Hall of Fame

Is this only on this switch? What devices are connected to this switch (AP / phone / ?)

Worth checking this thread:

https://community.cisco.com/t5/network-access-control/ise-2-1-12929-nas-sends-radius-accounting-update-messages-too/m-p/3314699

 

BB


Hi Balaji

Yes, it's the only switch misbehaving :0) Endpoints are phones & PCs. No flaps on the ports. No IP device tracking events. Nothing suspected.

I've read the thread you referred to. Not usable, unfortunately :0(

Not that I am aware of any other bug reported at this stage. Maybe we need to see what made the device think of sending too many accounting messages?

If this is a pressing issue, or you get the chance, upgrade to the latest IOS and check 15.2.2E9.

BB


"Maybe we need to see what made the device think of sending too many accounting messages?" - any idea how?

"If this is a pressing issue, or you get the chance, upgrade to the latest IOS and check 15.2.2E9" - I'm thinking about it. Now I'm trying to open a case with TAC as I don't get how to advance.
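
One way to look into what triggers the updates from a capture like the tcpdump mentioned in the question, as an added example that is not code from this thread or from Cisco: it parses RADIUS UDP payloads, counts Interim-Updates that arrive sooner than the configured periodic interval, and lists which non-counter attribute types differ between consecutive updates of the same session. The MAC addresses, session IDs and `example=` attribute data are constructed, and pulling (timestamp, payload) pairs out of a pcap is assumed to be done beforehand.

```python
import struct
from collections import defaultdict

ACCT_REQUEST, CALLING_STATION_ID, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 4, 31, 40, 44
INTERIM_UPDATE = struct.pack("!I", 3)            # Acct-Status-Type value 3 (RFC 2869)
VOLATILE = {41, 42, 43, 46, 47, 48, 52, 53, 55}  # counters and timestamps, differ every update

def parse_radius(payload):
    """Split one RADIUS UDP payload into (code, [(attr_type, value), ...])."""
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20                          # attributes follow the 20-byte header
    while pos < length:
        alen = payload[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((payload[pos], payload[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def chatty_sessions(packets, min_interval):
    """packets: (timestamp, payload) pairs in capture order. Per (Calling-Station-Id,
    Acct-Session-Id): Interim-Updates sooner than min_interval seconds, and what changed."""
    last, report = {}, defaultdict(lambda: {"fast": 0, "changed": set()})
    for ts, payload in packets:
        code, attrs = parse_radius(payload)
        fields = dict(attrs)
        if code != ACCT_REQUEST or fields.get(ACCT_STATUS_TYPE) != INTERIM_UPDATE:
            continue
        key = tuple(fields.get(t, b"?").decode(errors="replace") for t in (CALLING_STATION_ID, ACCT_SESSION_ID))
        stable = {a for a in attrs if a[0] not in VOLATILE}
        if key in last and ts - last[key][0] < min_interval:
            report[key]["fast"] += 1
            report[key]["changed"] |= {t for t, _ in stable ^ last[key][1]}
        last[key] = (ts, stable)
    return dict(report)

def sample(mac, sid, session_time, avpair):      # constructed Interim-Update, not captured traffic
    vsa = struct.pack("!IBB", 9, 1, 2 + len(avpair)) + avpair   # Vendor-Specific, vendor 9, sub-type 1
    attrs = [(ACCT_STATUS_TYPE, INTERIM_UPDATE), (CALLING_STATION_ID, mac), (ACCT_SESSION_ID, sid),
             (46, struct.pack("!I", session_time)), (26, vsa)]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCT_REQUEST, 1, 20 + len(body)) + bytes(16) + body

A, B = (b"00-11-22-33-44-55", b"0A000001"), (b"66-77-88-99-AA-BB", b"0A000002")
SAMPLE = [(t, sample(*who, int(t), av)) for t, who, av in [   # constructed capture
    (0.0, A, b"example=a"), (0.0, B, b"example=a"), (5.0, A, b"example=b"),
    (10.0, A, b"example=a"), (86400.0, B, b"example=a")]]
```

Calling `chatty_sessions(SAMPLE, 1440 * 60)` uses the `periodic 1440` (minutes) value from the posted config as the expected interval; a changed type of 26 means a Vendor-Specific attribute differed between updates.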
