We are in the process of certification testing with ISE 3566 2.6 equipment.
But the above fails.
The detail information of the log is shown below.
5434 Endpoint conducted several failed authentications of the same scenario
When I search Google, it seems to be recognized as a DDOS attack.
I tried to use the method mentioned in the link above, but I do not see the "Radius, Suppress Anomalous Clients" menu.
I think it's probably the version difference.
How do I resolve this issue in version 2.6?
What is the origin of those WLC authentications? Is it for an OPEN SSID, or iPSK? Or, are you using Radius on the WLC to perform device management, and have you got that working on the WLC? I have seen a bug with TACACS auth on WLC, that floods the ISE PSN with hundreds of requests after you login to WLC using TACACS. But I have not checked if that is the case when Radius is used as a device management protocol. Just a stab in the dark ...
See the session presentation slide 306 of Advanced ISE – Architect, Design and Scale ISE for your production networks - BRKSEC-3432.