cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2635
Views
0
Helpful
7
Replies

ISE 1.4 Receiving Authorization Requests Wireless Too Often

RSundstrom
Level 1
Level 1

Hello All,

I have a two-node ISE deployment for wired and wireless networks. When I run a report "Endpoints and Users > Top Authorizations by Endpoint" I will find that I have wireless devices that are being authorized once per second. This is always during a timespan when the users are not at work but their devices are in their offices and turned on. This is happening to many endpoints. As soon as they come to work and logon to their devices the authorizations then happen every 30 minutes as the Wireless Lan Controller is configured for.

I have searched for but not found anything referencing this. I am not sure if the resolution for this is within ISE, the LAN controller or the wireless endpoint.

 

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
There are lots of changes since ISE 1.4, its old EOL/EOS, would recommend evaluate moving to 2.2 .

You can look at performance and scale items in Cisco live to setup WLC and ISE tuning but improvements have been made since your release. Recommend running WLC 8.3 or higher code as well.

http://cs.co/ise-training

wireless best practice tips
https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795

View solution in original post

7 Replies 7

Jason Kunst
Cisco Employee
Cisco Employee
There are lots of changes since ISE 1.4, its old EOL/EOS, would recommend evaluate moving to 2.2 .

You can look at performance and scale items in Cisco live to setup WLC and ISE tuning but improvements have been made since your release. Recommend running WLC 8.3 or higher code as well.

http://cs.co/ise-training

wireless best practice tips
https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795

Hello Jason,

I am moving to ISE 2.2 or 2.4 early in 2019. Our WLC's are above 8.3 now. Thank you for the tips!

I will check the WLC settings against what you have listed as Best Practices and report back.

 

I have checked my WLC settings are they all check out within requested parameters. I have since opened a ticket with Cisco TAC. We have found that the end user device is requesting the authentication from ISE. The requests are happening about one per second and are coming from Windows devices running Win 7 and 10. Does anybody have any idea as to why a device would request authentications so frequently?

RSundstrom
Level 1
Level 1

This string is marked as "Solved". I do not know why this is marked this way. It is not solved. We are working through the issue.

Change your WLC RADIUS authentication screen to send AP Name:SSID as the called station ID and then compare the called station ID on the logs in ISE.  I bet the client is constantly roaming.  Every time a client roams there is a full authentication.

I will be able to update this message string after the wireless administrators can fit this change into a maintenance window. Thank you.

I am finally able to update this string after much information gathering.

The problem still exists. I have wireless clients that are authenticating once per second for 60, 90, 120 minutes and then just stop.

I have opened a ticket with Cisco. They suggested updating the WLC drivers. We did that and there was no change at all. The Cisco engineer checked the logs and found that it was the client device that was initiating the authentication requests. It was also sending the authentication requests to the same Access Point. This proves it was not roaming between AP's as we once thought.

This can happen from a variety of wireless clients, at a variety of times and last for a variety of lengths before ending.

I have found that rebooting the client will end the constant auth requests only to begin again 3-4 days later.

We have checked the security and 802.1x security configurations on the wireless clients and they all seem to be okay.

Ideas anyone?