10-16-2025 02:32 AM
Hello all,
Is there a way to limit the authentication requests per network device on ISE?
We already use "Suppress Repeated Failed Clients" under RADIUS but this applies per endpoint.
If an attacker generates hundreds of different MAC addresses, ISE is still at risk.
This can be limited on the network device, which we do, but I was wondering if that is an option on ISE as well.
BR,
Konstantinos
10-16-2025 02:22 PM
Hi @syllkons1
I don't know of any ISE feature that would protect. The PSN just takes any request that you throw at it - apart from the "reject on repeated failed attempts" etc.
Maybe a load balancer front-ending your PSNs could be scripted to detect some kind of attack, e.g. an F5 iRule.
Other approaches with ISE could involve dedicating PSNs to a certain role only (e.g. wired RADIUS, vs wireless RADIUS) - can become expensive, but it would "protect" your other PSNs.
Just out of interest, how have you limited the requests on the network devices (in your last sentence)?
10-18-2025 09:16 AM - edited 10-18-2025 09:21 AM
Hey @Arne Bier,
I understand it makes sense that ISE would accept the requests as valid if they are coming from different clients.
We have configured "radius-server throttle" on the switches.
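Added example, not part of any post in this thread and not ISE or F5 code: a sketch of the per-network-device check discussed above, counting distinct endpoint MACs (Calling-Station-Id) per NAS IP in a sliding window, which is the pattern that per-endpoint suppression misses. The record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding-window length
MAX_DISTINCT_MACS = 50   # assumed per-device threshold; size it to your busiest real switch


def flag_noisy_devices(records, window=WINDOW_SECONDS, limit=MAX_DISTINCT_MACS):
    """Return {nas_ip: first_alert_time} for devices that present more than
    `limit` distinct Calling-Station-Id values within `window` seconds.

    `records` is an iterable of (epoch_seconds, nas_ip, calling_station_id)
    tuples sorted by time (hypothetical layout, e.g. parsed from RADIUS logs).
    """
    recent = defaultdict(deque)                      # nas_ip -> (ts, mac) events in window
    counts = defaultdict(lambda: defaultdict(int))   # nas_ip -> mac -> events in window
    alerts = {}
    for ts, nas_ip, mac in records:
        mac = mac.lower().replace("-", ":")          # normalise MAC formatting
        events, seen = recent[nas_ip], counts[nas_ip]
        events.append((ts, mac))
        seen[mac] += 1
        # Drop events that have aged out of the window.
        while events and events[0][0] <= ts - window:
            _, old_mac = events.popleft()
            seen[old_mac] -= 1
            if seen[old_mac] == 0:
                del seen[old_mac]
        if len(seen) > limit and nas_ip not in alerts:
            alerts[nas_ip] = ts
    return alerts


def build_sample():
    """Constructed sample: one device cycling MACs, one with normal retries."""
    records = []
    for i in range(200):   # 10.0.0.1: 200 different MACs within 20 seconds
        records.append((1000 + i // 10, "10.0.0.1",
                        f"02-00-00-00-{i // 256:02X}-{i % 256:02X}"))
    for i in range(200):   # 10.0.0.2: same request volume, only 5 endpoints
        records.append((1000 + i // 10, "10.0.0.2", f"02:00:00:aa:00:{i % 5:02x}"))
    return sorted(records)


if __name__ == "__main__":
    for nas, ts in flag_noisy_devices(build_sample()).items():
        print(f"{nas}: over {MAX_DISTINCT_MACS} distinct MACs in {WINDOW_SECONDS}s at t={ts}")
```

Both sample devices send the same number of requests; only the one cycling through MAC addresses is flagged, so the check keys on distinct endpoints per device rather than raw request volume.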