We’re an Extreme Networks shop. If a client doesn’t register their MAC address,
they can’t go anywhere until their device is registered except the registration
page. We haven’t had any issues with devices cycling thru like that. They
attempt to authenticate 3 times and they remain in the
With Cisco there is a feature called Client Exclusion which can be set
to 60 to 300 seconds. If a client fails 802.1x auth three times they are
put in the exclusion list. Setting the timer to a high value 300 means
if the client fixes the login information correctly they still can not
On Nov 20, 2019, at 11:16, Joseph M. Karam
mailto:jka...@princeton.edu>> wrote:
We would like to define a rule in our wireless infrastructure that says
something like, “if the device failed authentication 20 times in 1 minute, do
not allow it to authenticate again for 10 minutes”. Has
