Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

radius servers unavailable

Hello fellow Cisco forum members. 

I have an odd problem. First our environment:

2 WLC5508 + 2 Cisco ISE 1.2

Since we are an university we offer eduroam. The principe of eduroam is that you send the requests to the partner universities. When someone is from University Ghent you use the following as username: username@ugent.be

Our wlc's get the username + pass on wlan3 and sends this to the ISE. The ise's send these to the remote radius of the correct university. 

Today one of these universities had a problem with their radius and no one could login with their credentials. The users kept on trying and suddenly all I could see in my ISE's was a red colour of fails. Because of the many fails the ISE's load went skyhigh which meant the users on the other WLAN's couldn't login as well because they use the same ISE's. 

How is it possible that these fails caused the huge load and massive fails?

How can I resolve this? On wlc level by using the client exclusion policies or should I do something on the ISE?

 

Regards,

 

Mathieu

Everyone's tags (1)
2 REPLIES

Check the Identity Source

Check the Identity Source availability , the AD connectivity.

Refer to authentication fails from below troubleshooting guide

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/troubleshooting_guide/ise_tsg.html

New Member

They couldn't authenticate

They couldn't authenticate because the remote radius only gave rejects. I was wondering why the load of the ISE's goes up in that case.

49
Views
0
Helpful
2
Replies