08-10-2017 06:57 AM - edited 03-11-2019 12:55 AM
Hello,
I have a problem on ISE2.1: when I authenticate and get an access Reject by the ISE 2 or 3 times, I can't see the others rejected live logs until about 15 minutes.
Is it a normal case?
if no, is there a configuration to be made on the ISE to have live logs regarless the number of access reject?
Thank you in advance
08-10-2017 07:20 AM
This is probably due to Anomalous Client suppression for Radius Authentications. The reporting interval is 15 minutes when you fail multiple authentications with 5 minutes. You can disable for a particular endpoint this under live log by choosing "Bypass Client suppression". This allows you to see all authentications for 1 hour (pic attached)
08-10-2017 07:40 AM
Thank you for your quick answer.
I have just test it for a particular endpoint as you told me and it's ok. Now I can see all logs for this endpoint.
Have a nice day!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide