Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
3
Helpful
3
Replies

WLC 5520 not responding for CoA which sent by ISE

nwagh
Level 1
Level 1

‎07-25-2023 06:18 PM

 

Hi,
We are getting below Alarm on ISE frequently. we verified COA enabled, Nac state ISE and aaa override enabled on WLC and there is no impact on users as we didnt receive any complain from users.
Dynamic Authorization Failed for Device : Server=ISE-1;
Network Device= 5520 WLC
WLC Firmware = 8.5.185.0
ISE Firmware = 2.7 patch 9
Distributed cluster for ISE which is 2 mnt,2 PAN and 2 PSN
Checked the firewall logs and noticed that we have logs on port 1700 (COA) from ISE to WLC but not from WLC to ISE.
Is there any solution to get rid of this alarm ? Is this a bug ? many thanks in advance
Labels:
0 Helpful
3 Replies 3

nwagh
Level 1
Level 1
In response to MHM Cisco World

‎07-25-2023 07:35 PM

Thanks for the reply. Its enable and also manual CoA push from ISE is working.

Dustin Anderson
VIP
VIP

‎07-26-2023 06:18 AM

The issue is the client disconnects and the WLC doesn't notify ISE, so when ISE does a CoA to reauth or such, the client doesn't exist triggering the error message. I'm not sure if there is a fix, I have just purged the errors every so often.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card