ISE RADIUS

All best practices, except those that need manual configuration, are enabled by default in a Cisco Mobility Express network. These exceptions include NTP, WLAN with WPA2 or 802.1x, and high SSID counts.

RADIUS Server Timeout

  • Description—RADIUS authentication and accounting servers should have 5 seconds as the minimum value for server timeout to prevent client join timeout issues from the ISE RADIUS server.

  • Status:

    • Selected—All the enabled RADIUS authentication and accounting server timeouts are greater than or equal to 5 seconds.

    • Unselected—At least one enabled RADIUS authentication and accounting server timeout is less than 5 seconds.

WLAN ISE Configuration

  • Description—Allows you to identify if the WLAN is configured with the recommended configurations for the Cisco ISE RADIUS server.

  • Status:

    • Selected—At least one active WLAN has the entire recommended ISE configuration set.

    • Unselected—None of the WLANs are compliant with Cisco ISE Best Practices.

RADIUS Aggressive Failover

  • Description—RADIUS aggressive failover should be disabled to get optimum performance for client authentication on a Cisco ISE RADIUS server.

  • Status:

    • Selected—RADIUS aggressive failover is disabled.

    • Unselected—RADIUS aggressive failover is enabled.