Authentication Request repeat count

alliasneo1
Level 1

Hi,

Any ideas what would be causing such a high repeat count in ISE?

[Screenshot: alliasneo1_0-1740401947720.png]

 

5 Replies

Arne Bier
VIP

You might want to disable the Suppression features under Administration > System > Protocols > RADIUS and then watch your Live Logs a bit more closely to see the likely cause. Your screenshot also mentions misconfigured NAD - perhaps it's a device with wrong shared secret, or other misconfiguration. ISE is just suppressing this repetition for you.

Hi, I have a TAC case open with Cisco at the moment but it's been open for quite a few weeks and the suggestions so far have made no difference. The Misconfigured devices are all the same errors which is

 12929 NAS sends RADIUS accounting update messages too frequently

I've tried lots of things to try and fix this but nothing seems to be working.

I seem to be getting lots and lots of authentication requests coming in.

I have one theory. In Meraki for sure, CoA combined with Fast Transition is problematic because when a client is first authenticated by ISE by WAP#1, but then the client roams to WAP#2, ISE will not know that this has happened, because Fast Transition spares the client from having to reauth again. Good for the client, but a disaster for CoA. ISE will send the CoA to a WAP that is no longer responsible for that session. This is why you will see CoA failures in such a constellation.

Maybe your situation is similar? Is this a Cisco FlexConnect scenario?

ISE will only send a CoA to a NAD if ISE believes the session is still active. So either the Accounting Stop was not sent or processed, or more likely is the theory I just explained.

It does seem to be something like the authentication method is either not clearing and continues to try even though it's successful or, like you said, the device disconnects or goes somewhere else and the session is not cleared down.

I'm not using Cisco Wi-Fi at this time, just 9200 switches.

I apologise for the last reply I sent. That was meant for a completely different thread regarding CoA. I got mixed up.

I also noticed on my switches that sometimes a high authentication count is due to a faulty endpoint that just reauths because its network stack keeps restarting the 802.1X every few seconds etc. You have no control over that. Sometimes it helps to capture the traffic on such an interface and analyse it in Wireshark. I have also had faulty media converters inject “noise” on the Ethernet that then triggers ongoing authentication events.
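Added example, not part of the thread: one way to triage a capture taken on a suspect switch port, as suggested in the last reply, is to count EAPOL-Start frames per source MAC and flag endpoints that restart 802.1X repeatedly. It assumes a classic pcap file of untagged Ethernet frames; the function names, the 60-second window, the threshold of 5 and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

# Classic pcap magic bytes -> (byte order, sub-second divisor for timestamps)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
          b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9)}

def eapol_starts(pcap):
    """Yield (timestamp, source MAC) for every EAPOL-Start frame in the capture."""
    if pcap[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian, frac = MAGICS[pcap[:4]]
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        sec, sub, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # EtherType 0x888E = 802.1X; the byte after the version is the EAPOL type (1 = Start)
        if len(frame) >= 16 and frame[12:14] == b"\x88\x8e" and frame[15] == 1:
            yield sec + sub / frac, frame[6:12].hex(":")

def restart_loops(pcap, window=60.0, threshold=5):
    """Return {mac: peak EAPOL-Start count in any `window` seconds} for MACs at or over threshold."""
    times = defaultdict(list)
    for ts, mac in eapol_starts(pcap):
        times[mac].append(ts)
    flagged = {}
    for mac, stamps in times.items():
        stamps.sort()
        best = lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:     # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[mac] = best
    return flagged

def sample_pcap():
    """Constructed capture: one supplicant restarting every 3 s, one well-behaved endpoint."""
    def start(ts, mac):
        frame = (bytes.fromhex("0180c2000003") + mac + b"\x88\x8e\x01\x01\x00\x00").ljust(60, b"\x00")
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    noisy, quiet = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += b"".join(start(1000 + 3 * i, noisy) for i in range(10))
    return out + start(1000, quiet) + start(5000, quiet)
```

Calling `restart_loops(open("port.pcap", "rb").read())` on a real capture (the file name is a placeholder) returns the MACs worth comparing against the endpoints with high repeat counts in Live Logs.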