
ISE 1x authentication please help me!!

20190620_232617.png

 

We are in the process of certification testing with ISE 3566 2.6 equipment.

But the above fails.

 

20190620_232627.png

 

 

The detail information of the log is shown below.

5434 Endpoint conducted several failed authentications of the same scenario

When I search Google, it seems to be recognized as a DDOS attack.
https://community.cisco.com/t5/policy-and-access/ise-and-failed-authentications-conducted-by-endpoints/td-p/2971530

I tried to use the method mentioned in the link above, but I do not see the "Radius, Suppress Anomalous Clients" menu.

I think it's probably the version difference.

How do I resolve this issue in version 2.6?

2 Accepted Solutions


Mike.Cifelli
VIP Alumni
I think in order to assist you further we would need to know more about how your setup that you are testing is configured. What I mean by that is what supplicant are you attempting to use, Native or NAM? How are your ISE policies configured? Those logs look like your hosts are failing over to MAB and attempting to authenticate via MAB instead of dot1x, which makes me think there may be something misconfigured somewhere.


Thank you for the answer.

I solved this problem.

The cause of the problem was Reject-RADIUS.

Reject_RADIUS.png


4 Replies

Arne Bier
VIP

What is the origin of those WLC authentications? Is it for an OPEN SSID, or iPSK? Or, are you using RADIUS on the WLC to perform device management, and have you got that working on the WLC? I have seen a bug with TACACS auth on WLC that floods the ISE PSN with hundreds of requests after you log in to WLC using TACACS. But I have not checked if that is the case when RADIUS is used as a device management protocol. Just a stab in the dark ...

hslai
Cisco Employee
