PASSED | vendor / cisco_ise_radius_failure

Cisco ISE RADIUS Authentication Failure

Both Cisco ISE Policy Service Nodes (PSNs) in an HA pair experience a Java heap exhaustion, causing all RADIUS authentications to fail and locking out 3000 users from wired and wireless networks.

Pattern: CISCO_EVENT
Severity: CRITICAL
Confidence: 92%
Remediation: Auto-Heal

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | CISCO_EVENT | CISCO_EVENT |
Severity Assessment | CRITICAL | CRITICAL |
Incident Correlation | Yes | 28 linked |
Cascade Escalation | Yes | Yes |
Remediation | Auto-Heal — Corax resolves autonomously

Scenario Conditions

Cisco ISE 3.2 deployment with 2 PSNs. Both PSNs hit Java heap limit simultaneously due to profiling service memory leak. All RADIUS auth failing. 3000 users on 802.1X. No MAB fallback configured.

Injected Error Messages (3)

cisco ISE PSN-1 RADIUS service failure — ISE runtime process java heap exhaustion (8GB used of 8GB max), cisco ISE profiling service memory leak consumed all available heap, RADIUS authentication requests not being processed, cisco ISE application server returning HTTP errors on admin portal, ISE PSN-1 unable to process EAP-TLS or PEAP authentications
cisco ISE PSN-2 also experiencing java heap exhaustion — both ISE Policy Service Nodes affected by same profiling memory leak, cisco ISE HA pair completely non-functional for RADIUS, ISE PSN-2 RADIUS port 1812 accepting connections but not responding to auth requests, cisco ISE deployment has zero healthy RADIUS endpoints available
cisco ISE RADIUS failure causing campus-wide authentication lockout — all 802.1X wired and wireless authentications failing with RADIUS not responding, cisco network access devices (NADs) getting no response from ISE PSNs, 3000 users cannot authenticate to network, cisco switches placing all ports in auth-fail VLAN, no MAB fallback configured, campus network access completely disrupted

Neural Engine Root Cause Analysis

The Cisco ISE PSN-1 node is experiencing Java heap memory exhaustion with 8GB of 8GB allocated memory fully consumed. The profiling service appears to have a memory leak that has consumed all available heap space, causing the RADIUS service to fail and preventing authentication processing. This is a classic memory management issue where the Java Virtual Machine cannot allocate additional memory for critical RADIUS authentication operations, resulting in service degradation across multiple ISE functions including EAP-TLS, PEAP authentication, and admin portal access.

Remediation Plan

1. Immediately restart the ISE application services to clear the memory leak and restore RADIUS functionality.
2. If service restart fails, perform a controlled reboot of the ISE PSN-1 node.
3. Monitor heap memory utilization post-restart to confirm memory leak resolution.
4. Review ISE profiling service configuration and disable non-critical profiling policies if necessary.
5. Consider increasing JVM heap size from 8GB to 12-16GB if hardware resources permit.
6. Implement heap memory monitoring alerts to detect future memory leaks before service failure.

Tested: 2026-03-30 | Monitors: 3 | Incidents: 3 | Test ID: cmnck8jt207jqobqeqnonhfds