12-13-2018 08:21 AM
Hello All,
I have a two-node ISE deployment for wired and wireless networks. When I run a report "Endpoints and Users > Top Authorizations by Endpoint" I will find that I have wireless devices that are being authorized once per second. This is always during a timespan when the users are not at work but their devices are in their offices and turned on. This is happening to many endpoints. As soon as they come to work and log on to their devices the authorizations then happen every 30 minutes as the Wireless LAN Controller is configured for.
I have searched for but not found anything referencing this. I am not sure if the resolution for this is within ISE, the LAN controller or the wireless endpoint.
Solved! Go to Solution.
12-13-2018 08:37 AM
12-13-2018 09:01 AM
Hello Jason,
I am moving to ISE 2.2 or 2.4 early in 2019. Our WLCs are above 8.3 now. Thank you for the tips!
I will check the WLC settings against what you have listed as Best Practices and report back.
12-20-2018 08:29 AM
I have checked my WLC settings and they all check out within requested parameters. I have since opened a ticket with Cisco TAC. We have found that the end user device is requesting the authentication from ISE. The requests are happening about one per second and are coming from Windows devices running Win 7 and 10. Does anybody have any idea as to why a device would request authentications so frequently?
12-20-2018 08:33 AM
This string is marked as "Solved". I do not know why this is marked this way. It is not solved. We are working through the issue.
12-20-2018 09:10 AM
Change your WLC RADIUS authentication screen to send AP Name:SSID as the called station ID and then compare the called station ID on the logs in ISE. I bet the client is constantly roaming. Every time a client roams there is a full authentication.
12-28-2018 07:31 AM
I will be able to update this message string after the wireless administrators can fit this change into a maintenance window. Thank you.
04-16-2019 12:03 PM
I am finally able to update this string after much information gathering.
The problem still exists. I have wireless clients that are authenticating once per second for 60, 90, 120 minutes and then just stop.
I have opened a ticket with Cisco. They suggested updating the WLC drivers. We did that and there was no change at all. The Cisco engineer checked the logs and found that it was the client device that was initiating the authentication requests. It was also sending the authentication requests to the same Access Point. This proves it was not roaming between APs as we once thought.
This can happen from a variety of wireless clients, at a variety of times and last for a variety of lengths before ending.
I have found that rebooting the client will end the constant auth requests only to begin again 3-4 days later.
We have checked the security and 802.1x security configurations on the wireless clients and they all seem to be okay.
Ideas anyone?
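Added example, not written by anyone in this thread: a Python sketch of the comparison discussed above, which groups authentication records by client MAC and checks whether a once-per-second burst stays on one AP or alternates between APs, using the "AP Name:SSID" Called-Station-ID form. The record layout, MAC addresses, AP names, window and threshold are all constructed assumptions, not an ISE export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed records (not real ISE output): time, client MAC, Called-Station-ID."""
    t0, rows = datetime(2019, 1, 1, 2, 0, 0), []
    for i in range(90):  # two clients authenticating once per second
        ts = t0 + timedelta(seconds=i)
        rows.append((ts, "AA-AA-AA-00-00-01", "AP-OFFICE-12:CORP"))
        rows.append((ts, "AA-AA-AA-00-00-02", f"AP-OFFICE-{12 + i % 2}:CORP"))
    for i in range(4):   # one client on the expected 30-minute interval
        rows.append((t0 + timedelta(minutes=30 * i), "AA-AA-AA-00-00-03", "AP-OFFICE-12:CORP"))
    return rows

def classify(rows, window=timedelta(seconds=60), threshold=30):
    """Label each client by its busiest window: normal, roaming, or same-ap-storm."""
    by_mac = defaultdict(list)
    for ts, mac, called in rows:
        # Assumes "AP Name:SSID" with no colon inside the SSID.
        by_mac[mac].append((ts, called.rsplit(":", 1)[0]))
    verdicts = {}
    for mac, events in by_mac.items():
        events.sort()
        start, peak, peak_aps = 0, 0, set()
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > peak:
                peak = end - start + 1
                peak_aps = {ap for _, ap in events[start:end + 1]}
        if peak < threshold:
            verdicts[mac] = "normal"
        elif len(peak_aps) == 1:
            verdicts[mac] = "same-ap-storm"   # client re-authenticating to one AP
        else:
            verdicts[mac] = "roaming"         # burst spread across several APs
    return verdicts

if __name__ == "__main__":
    for mac, verdict in sorted(classify(build_sample()).items()):
        print(mac, verdict)
```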