Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7509
Views
5
Helpful
3
Replies

ISE authentication failing 11007 Could not locate Network Device or AAA Client

Go to solution
btraister
Level 1
Level 1

‎08-08-2018 01:42 PM - edited ‎03-11-2019 01:48 AM

Im adding a router to radius authentication.  Configured identically to the other gear (Its a juniper srx1500)

 

This is the error I get

 

Source Timestamp 2018-08-08 13:38:28.26
Received Timestamp 2018-08-08 13:38:28.26
Policy Server lax-net-ise1
Event 5405 RADIUS Request dropped
Failure Reason 11007 Could not locate Network Device or AAA Client
Resolution Verify whether the Network Device or AAA client is configured in: Administration > Network Resources > Network Devices
Root cause Could not find the network device or the AAA Client while accessing NAS by IP during authentication.
Endpoint Id 10.0.9.8
NAS IPv4 Address

10.0.102.29

 

 

 

MY Ip is 10.0.9.8 and thats the one that is being complained about.  I have added the devce to ISE with new secret numbers and stil no dice.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-14-2018 12:43 PM

ISE cannot find the NAD IP Address of 10.0.102.29 in the ISE Network Device database @ Administration > Network Resources > Network Devices. Please verify you have added that network device and the appropriate RADIUS pre-shared key for the Juniper Network Device.

 

ISE will ignore and drop all requests from any unrecognized NAD IPs.

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎08-08-2018 09:26 PM

Hi

Can you make sure the source ip used by juniper is the correct one?
Can you maybe share the juniper config?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎08-08-2018 11:52 PM

Looking for configuring the NAD identity in Juniper. It seems that Juniper
is sending client ID (which is your IP in this case) and it NAD instead of
Juniper IP
0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-14-2018 12:43 PM

ISE cannot find the NAD IP Address of 10.0.102.29 in the ISE Network Device database @ Administration > Network Resources > Network Devices. Please verify you have added that network device and the appropriate RADIUS pre-shared key for the Juniper Network Device.

 

ISE will ignore and drop all requests from any unrecognized NAD IPs.

Customers Also Viewed These Support Documents