https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339293#M598573 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1834653">@syllkons1</a>&nbsp;</P> <P>I don't know of any ISE feature that would protect. The PSN just takes any request that you throw at it - apart from the "reject on repeated failed attempts" etc.&nbsp;</P> <P>Maybe a load balancer front-ending your PSNs could be scripted to detect some kind of attack. e.g. an F5 iRule</P> <P>Other approaches with ISE could involve dedicating PSNs to a certain role only (e.g. wired RADIUS, vs wireless RADIUS) - can become expensive, but it would "protect" your other PSNs.</P> <P>Just out of interest, how have you limited the requests on the network devices (in your last sentence) ?</P> <P>&nbsp;</P> Thu, 16 Oct 2025 21:22:32 GMT Arne Bier 2025-10-16T21:22:32Z https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339078#M598559 <P>Hello all,&nbsp;</P><P>Is there a way to limit the authentication requests per network device on ISE?</P><P>We already use "Suppress Repeated Failed Clients" under RADIUS but this applies per endpoint.</P><P>If an attacker generates hundreds of different mac addresses, ISE is still at risk.</P><P>This can be limited on the network device, which we do, but I was wondering if that is an option on ISE as well.</P><P>BR,</P><P>Konstantinos</P> Thu, 16 Oct 2025 09:32:47 GMT https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339078#M598559 syllkons1 2025-10-16T09:32:47Z https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339293#M598573 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1834653">@syllkons1</a>&nbsp;</P> <P>I don't know of any ISE feature that would protect. The PSN just takes any request that you throw at it - apart from the "reject on repeated failed attempts" etc.&nbsp;</P> <P>Maybe a load balancer front-ending your PSNs could be scripted to detect some kind of attack. e.g. an F5 iRule</P> <P>Other approaches with ISE could involve dedicating PSNs to a certain role only (e.g. wired RADIUS, vs wireless RADIUS) - can become expensive, but it would "protect" your other PSNs.</P> <P>Just out of interest, how have you limited the requests on the network devices (in your last sentence) ?</P> <P>&nbsp;</P> Thu, 16 Oct 2025 21:22:32 GMT https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339293#M598573 Arne Bier 2025-10-16T21:22:32Z https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339727#M598590 <P>Hey <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;,&nbsp;</P><P>I understand it makes sense that ISE would accept the requests as valid if they are coming from different clients.&nbsp;</P><P>We have configured "<SPAN class="">radius-server</SPAN><SPAN>&nbsp;</SPAN><SPAN class="">throttle" on the switches.&nbsp;</SPAN></P> Sat, 18 Oct 2025 16:21:32 GMT https://community.cisco.com/t5/network-access-control/limit-authentication-requests-per-network-device-on-ise/m-p/5339727#M598590 syllkons1 2025-10-18T16:21:32Z