I have around 16k wireless clients at peak on my WLAN, all doing 802.1x with the latest ACS, and things are generally fine. But I also have hundreds of misconfigured smartphones where WiFi is on, but the users don't really care if they hit my wireless network, and these can frequently overwhelm ACS with hundreds of thousands of auth failures that have to be processed. Is there any way between the controllers and ACS to say that after X failed auth attempts a client is moved to another VLAN (dead end), or auth attempts get suspended for a while, or the client device is forcibly blocked at L2, or anything that could tame the condition automatically?
After 3 bad attempts the client gets blacklisted: enable client exclusion globally and also on the affected WLAN from the Advanced tab. The downside is, if a genuine client gets excluded then you need to remove them manually - not so good an option.
Don't broadcast the SSID, so no client can accidentally connect to it. Try this.
Thanks Saravanan. I would think that three bad attempts would be bad, but like a few hundred might catch the worst of the worst, which is what I'd be after in this case.
The 3 bad attempts setting is too aggressive. We had to disable this client exclusion feature because too many users cannot connect. If this number is configurable, it will be very useful!
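The thread's disagreement is about the exclusion threshold: 3 failures catches genuine users who mistype a password, while "a few hundred" would still catch the misconfigured phones hammering ACS. The following added example (not from the thread or from Cisco's WLC code) simulates that per-client failure counter over constructed RADIUS-style log lines, so the effect of different thresholds can be compared before touching the controller. The log format, the MAC addresses and the assumption that a successful auth resets a client's counter are all constructed for the example.

```python
import re
from collections import defaultdict


def _line(i, event, mac):
    # Build one constructed log line; the format is invented for this example.
    return f"2024-01-01T08:{i // 60:02d}:{i % 60:02d} {event} client={mac} ssid=CORP"


# Constructed sample log (not real data):
#  - client :01 is a genuine user who retyped the password four times
#  - client :02 is a misconfigured phone retrying 150 times
#  - client :03 failed twice, then authenticated successfully
SAMPLE_LOG = "\n".join(
    [_line(i, "AUTH-FAIL", "aa:bb:cc:00:00:01") for i in range(4)]
    + [_line(i, "AUTH-FAIL", "aa:bb:cc:00:00:02") for i in range(150)]
    + [_line(i, "AUTH-FAIL", "aa:bb:cc:00:00:03") for i in range(2)]
    + [_line(2, "AUTH-OK", "aa:bb:cc:00:00:03")]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>AUTH-FAIL|AUTH-OK)\s+client=(?P<mac>[0-9a-f:]{17})"
)


def count_failures(log_text):
    """Return {mac: consecutive_failures} over the log, in line order."""
    fails = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not auth events
        mac = m.group("mac")
        if m.group("event") == "AUTH-FAIL":
            fails[mac] += 1
        else:
            # Assumption for this example: a successful auth clears the counter.
            fails[mac] = 0
    return dict(fails)


def clients_to_exclude(log_text, threshold):
    """MACs whose failure count reached the exclusion threshold."""
    return sorted(mac for mac, n in count_failures(log_text).items() if n >= threshold)


def failures_spared(log_text, threshold):
    """Auth failures ACS would not have had to process if clients were
    excluded as soon as they hit the threshold (rest of their retries dropped)."""
    return sum(max(0, n - threshold) for n in count_failures(log_text).values())


if __name__ == "__main__":
    for t in (3, 100):
        print(f"threshold={t}: exclude {clients_to_exclude(SAMPLE_LOG, t)}, "
              f"spares ACS {failures_spared(SAMPLE_LOG, t)} failures")
```

Run against the sample, a threshold of 3 excludes both the genuine user and the misbehaving phone, while a threshold of 100 excludes only the phone yet still removes most of the load the thread complains about; the same counting can be pointed at real ACS/WLC syslog if the regex is adjusted to that format.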