cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect
267
Views
0
Helpful
3
Replies
Highlighted
Beginner

ISE 1x authentication please helpme!!

20190620_232617.png

 

We are in the process of certification testing with ISE 3566 2.6 equipment.

But the above fails.

 

20190620_232627.png

 

 

The detail information of the log is shown below.

5434 Endpoint conducted several failed authentications of the same scenario

When I search Google, it seems to be recognized as a DDOS attack.
https://community.cisco.com/t5/policy-and-access/ise-and-failed-authentications-conducted-by-endpoints/td-p/2971530

I tried to use the method mentioned in the link above, but I do not see the "Radius, Suppress Anomalous Clients" menu.

I think it's probably the version difference.

How do I resolve this issue in version 2.6?

3 REPLIES 3
VIP Engager

Re: ISE 1x authentication please helpme!!

What is the origin of those WLC authentications?  Is it for an OPEN SSID, or iPSK?  Or, are you using Radius on the WLC to perform device management, and have you got that working on the WLC?  I have seen a bug with TACACS auth on WLC, that floods the ISE PSN with hundreds of requests after you login to WLC using TACACS.  But I have not checked if that is the case when Radius is used as a device management protocol.  Just a stab in the dark ...

Cisco Employee

Re: ISE 1x authentication please helpme!!

Enthusiast

Re: ISE 1x authentication please helpme!!

I think in order to assist you further we would need to know more about how your setup that you are testing is configured. What I mean by that is what supplicant are you attempting to use, Native or NAM? How are your ISE policies configured? Those logs look like your hosts are failing over to mab and attempting to authenticate via mab instead of dot1x, which makes me think there may be something misconfigured somewhere.