Just posted this on Cisco discussion forum, curious if anyone else has pondered it:
I have around 16k wireless clients at peek on my WLAN, all doing 802.1x with latest ACS and things are generally fine. But also have hundreds of misconfigured smartphones where WiFi is on, but users don't really care if they hit my wireless network from them and these can frequently overwhelm ACS with hundreds of thousands of auth failures that have to be processed. Is there any way between controllers and ACS to say after X failed auth attempts that a client is moved to another vlan ( dead end) or auth attempts get suspended for a while, or that client device is forcibly blocked at L2, or anything that could tame the condition automatically? On wired 802.1x, you can do an auth failure vlan that a client lands in after x failed attempts at auth. Not quite seeing it on wireless yet in docs, but would be handy for the misconfigured handhelds that are clobbering ACS with as many as 50K+ plus failed attempts, each, daily. Or even alerting out of ACS would good if some device exceeded an insane auth failure threshold so they could be manually blocked, but not optimal ( or possible, probably) Lee Badman ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
