ACS LOG 11013 RADIUS packet already in the process
1. First we will have to see what the radius timeout values are set for on the network device. Also we need to identify if there is a relation to which network device(s) are generating this message and then try to increase the timeout values. For that device, if there is some latency some devices come with a default 5 second timer some up to 15.
2. If you are using AD where are the domain controllers with respect to the ACS, is there a firewall or any policing polices that the ACS is subject to in its path to the DCs? If not, how many domain controllers do you have and how many are local to the ACS itself? Are your "sites" configured properly with the DC infrastructure so that when ACS queries the domain it is receving domain controllers that are located closest to it? Also what version of ACS are you running? if you are on ACS 5.3 then installing the latest patch will help fix some critical AD issues.
3. How many authentications do you see on average when this issue occurs, what authentication mechanism are you using (eap-tls or peap), these authentication protocols are different in the way they operate and when it comes to authentications per second EAP-TLS does consume more processing power then the PEAP.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...