I have a two-node ISE deployment for wired and wireless networks. When I run a report "Endpoints and Users > Top Authorizations by Endpoint" I will find that I have wireless devices that are being authorized once per second. This is always during a timespan when the users are not at work but their devices are in their offices and turned on. This is happening to many endpoints. As soon as they come to work and log on to their devices, the authorizations then happen every 30 minutes, as the Wireless LAN Controller is configured for.
I have searched for but not found anything referencing this. I am not sure if the resolution for this is within ISE, the LAN controller or the wireless endpoint.
I am moving to ISE 2.2 or 2.4 early in 2019. Our WLCs are above 8.3 now. Thank you for the tips!
I will check the WLC settings against what you have listed as Best Practices and report back.
I have checked my WLC settings and they all check out within requested parameters. I have since opened a ticket with Cisco TAC. We have found that the end user device is requesting the authentication from ISE. The requests are happening about one per second and are coming from Windows devices running Win 7 and 10. Does anybody have any idea as to why a device would request authentications so frequently?
Change your WLC RADIUS authentication screen to send AP Name:SSID as the called station ID and then compare the called station ID on the logs in ISE. I bet the client is constantly roaming. Every time a client roams there is a full authentication.
I am finally able to update this string after much information gathering.
The problem still exists. I have wireless clients that are authenticating once per second for 60, 90, 120 minutes and then just stop.
I have opened a ticket with Cisco. They suggested updating the WLC drivers. We did that and there was no change at all. The Cisco engineer checked the logs and found that it was the client device that was initiating the authentication requests. It was also sending the authentication requests to the same Access Point. This proves it was not roaming between APs as we once thought.
This can happen from a variety of wireless clients, at a variety of times and last for a variety of lengths before ending.
I have found that rebooting the client will end the constant auth requests only to begin again 3-4 days later.
We have checked the security and 802.1x security configurations on the wireless clients and they all seem to be okay.
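The called station ID comparison suggested in the thread, and the same-AP finding in the follow-up, can be checked over exported authentication records with a short script. This is an added example, not part of the original posts or any Cisco tooling; the record field names, MAC addresses, AP names and SSID are constructed, and it assumes Called-Station-Id arrives as "AP Name:SSID" with no colon in the AP name.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def classify(rows, burst_gap=5, min_burst=5):
    """Label each endpoint by its longest run of auths spaced <= burst_gap seconds."""
    by_ep = defaultdict(list)
    for r in rows:
        # Called-Station-Id is "AP Name:SSID" once the WLC is set as suggested;
        # assumes the AP name itself contains no colon.
        ap = r["called_station_id"].partition(":")[0]
        by_ep[r["calling_station_id"]].append((r["timestamp"], ap))
    result = {}
    for mac, events in by_ep.items():
        events.sort()
        run, aps = 1, {events[0][1]}
        best, best_aps = run, set(aps)
        for (t0, _), (t1, ap) in zip(events, events[1:]):
            if (t1 - t0).total_seconds() <= burst_gap:
                run += 1
                aps.add(ap)
            else:
                run, aps = 1, {ap}  # gap too long: start a new run
            if run > best:
                best, best_aps = run, set(aps)
        if best < min_burst:
            label = "normal"
        elif len(best_aps) == 1:
            label = "same-AP reauth loop"  # client re-authenticating, not roaming
        else:
            label = "roaming"
        result[mac] = (label, best, sorted(best_aps))
    return result

def sample_rows():
    """Constructed records, not real ISE output; field names are assumed."""
    t = datetime(2019, 1, 10, 2, 0, 0)
    def row(mac, sec, ap):
        return {"timestamp": t + timedelta(seconds=sec),
                "calling_station_id": mac, "called_station_id": ap + ":CorpWiFi"}
    rows = [row("AA-BB-CC-00-00-01", s, "AP-3F-East") for s in range(10)]
    rows += [row("AA-BB-CC-00-00-02", 2 * s, ("AP-1F-A", "AP-1F-B")[s % 2]) for s in range(6)]
    rows += [row("AA-BB-CC-00-00-03", 1800 * s, "AP-2F-West") for s in range(3)]
    return rows

if __name__ == "__main__":
    for mac, (label, n, aps) in sorted(classify(sample_rows()).items()):
        print(mac, label, n, aps)
```

An endpoint labelled "same-AP reauth loop" matches the behaviour described in the follow-up, where the requests go to a single access point; "roaming" matches the hypothesis in the earlier reply.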