Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2037
Views
5
Helpful
4
Replies

ISE 1x authentication please helpme!!

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎06-20-2019 07:32 AM - edited ‎06-20-2019 07:33 AM

20190620_232617.png

 

We are in the process of certification testing with ISE 3566 2.6 equipment.

But the above fails.

 

20190620_232627.png

 

 

The detail information of the log is shown below.

5434 Endpoint conducted several failed authentications of the same scenario

When I search Google, it seems to be recognized as a DDOS attack.
https://community.cisco.com/t5/policy-and-access/ise-and-failed-authentications-conducted-by-endpoints/td-p/2971530

I tried to use the method mentioned in the link above, but I do not see the "Radius, Suppress Anomalous Clients" menu.

I think it's probably the version difference.

How do I resolve this issue in version 2.6?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-01-2019 05:37 AM

I think in order to assist you further we would need to know more about how your setup that you are testing is configured. What I mean by that is what supplicant are you attempting to use, Native or NAM? How are your ISE policies configured? Those logs look like your hosts are failing over to mab and attempting to authenticate via mab instead of dot1x, which makes me think there may be something misconfigured somewhere.

View solution in original post

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Mike.Cifelli

‎07-31-2019 11:53 PM

Thank you for answer.

I solved this problem.

The cause of the problem was Reject-RADIUS.

Reject_RADIUS.png

View solution in original post

4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎06-20-2019 01:31 PM

What is the origin of those WLC authentications?  Is it for an OPEN SSID, or iPSK?  Or, are you using Radius on the WLC to perform device management, and have you got that working on the WLC?  I have seen a bug with TACACS auth on WLC, that floods the ISE PSN with hundreds of requests after you login to WLC using TACACS.  But I have not checked if that is the case when Radius is used as a device management protocol.  Just a stab in the dark ...

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-29-2019 09:35 PM - edited ‎07-06-2019 08:48 PM

See the session presentation slide 306 of Advanced ISE – Architect, Design and Scale ISE for your production networks - BRKSEC-3432.

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-01-2019 05:37 AM

I think in order to assist you further we would need to know more about how your setup that you are testing is configured. What I mean by that is what supplicant are you attempting to use, Native or NAM? How are your ISE policies configured? Those logs look like your hosts are failing over to mab and attempting to authenticate via mab instead of dot1x, which makes me think there may be something misconfigured somewhere.
0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Mike.Cifelli

‎07-31-2019 11:53 PM

Thank you for answer.

I solved this problem.

The cause of the problem was Reject-RADIUS.

Reject_RADIUS.png

Top