I am implementing ISE 2.3 for the first time and monitored that upon reoccurring failed MAB authentication, ISE blocks the MAC into rejected state (see above image). Navigate to Context Visibility -> Endpoints to get the status of all the endpoints
I realized this when I stopped receiving RADIUS logs and discovered that my testing device's MAC was blocked. I had to select the device and manually release the rejected endpoint (see below) and it started showing in the RADIUS logs again. It is greyed out in the image as I don't have any blocked endpoint while I write this.
My question is - is there a way to disable this? Nice security feature but I can't imagine the admin workload for support every time they have to manually release endpoints.
Has anyone encountered this issue before? Was this feature in previous ISE versions?
