Cisco ISE: 2.7p2 changing Radius Sequence brakes authentication

I knew there were bugs related to External Radius Servers in ISE 2.7 but did not think it was that tricky.

I had two policies in my policy set. One for testing and one for production. Radius Sequence was working fine on the testing policy so I’ve added it to production and all authentication stopped working. Error message:

Event 5405 RADIUS Request dropped
Failure Reason 11351 Failed to read RADIUS server sequence configuration; dropping request

Very generic. I knew the bug fix was to recreate or create a new Radius Sequence. So I’ve created a new one, attached to the production policy, tested authentication good but realized I forgot to change On Access-Accept, continue to Authorization Policy setting. So I’ve edited the Radius Sequence, applied changes and all authentication stopped working AGAIN. I had to create a 3rd Radius Sequence, configure it right from the beginning, apply to both policies, and got authentication and authorization finally working right.

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar