Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request dropped."

Hello,

I have a two admin node setup for ISE. I just upgraded one of my two ISE Admin nodes to Version 1.2. I still have one of my admin  nodes at 1.1.4. When I disable my Version 1.1.4 node and allow wireless authentications to be handled by the Version 1.2 node I get the message..."5413 RADIUS Accounting-Request dropped". None of my wireless edge devices will be allowed on the network during this time. When I re-enable my 1.1.4 node my wireless devices are then allowed on the network.

I am currently using ISE to authenticate wireless connectivity.

I also get the failure reason... "11038 RADIUS Accounting-Request header contains invalid Authentication field".

Any ideas?

Bob

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

4 REPLIES
New Member

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

New Member

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

I have checked and my shared secret radius key matches on my ISE node Ver 1.2 and the WLC.

I am using private certificates. We are authenticating using PEAP MS-CHAP V2.

Should I try a config restore from the CLI? This would be a config restore from version 1.1.4 to version 1.2. Will this work?

New Member

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

The cure for this issue was to delete the RADIUS shared-secret and re-enter it in ISE. The shared secret was correct to begin with but it required removal and re-insertion to function properly.

New Member

Re: After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request

Bruce,

Thank you for your assist!

Bob

1664
Views
0
Helpful
4
Replies