With Cisco there is a feature called Client Exclusion, which can be set to 60 to 300 seconds. If a client fails 802.1X auth three times, they are put in the exclusion list. Setting the timer to a high value (300) means that if the client fixes the login information, they still cannot authenticate until the timer runs out and they are removed from the exclusion list. This can cause some confusion for your helpdesk and walk-in support who are helping students.

Kevin

On 11/20/2019 11:16 AM, Joseph M. Karam wrote:

Hello Everyone,

Are there any general recommendations/best practices on rules for misconfigured wireless devices for connecting to your wireless infrastructure? For example, we have many misconfigured eduroam clients that are just continually sending authentication requests. We would like to define a rule in our wireless infrastructure that says something like, “if the device failed authentication 20 times in 1 minute, do not allow it to authenticate again for 10 minutes”. Has anyone had good or bad experiences with defining these types of policies?

Thank you,

Joe

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
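
The two rules discussed in this thread, replayed over constructed authentication events to show the lockout a user sees after fixing a password. This is an added example, not part of the original e-mails and not Cisco's implementation; the `ExclusionPolicy` class, the 60-second window applied to the three-failure rule, the MAC address and the event timings are assumptions.

```python
from collections import defaultdict, deque

class ExclusionPolicy:
    """Simplified model: N failures within a window excludes the client for a fixed time."""

    def __init__(self, max_failures, window_s, exclude_s):
        self.max_failures = max_failures
        self.window_s = window_s
        self.exclude_s = exclude_s
        self.failures = defaultdict(deque)   # client MAC -> timestamps of recent failures
        self.excluded_until = {}             # client MAC -> time the exclusion ends

    def attempt(self, t, mac, credentials_ok):
        """Return 'accept', 'reject' or 'excluded' for one auth attempt at time t (seconds)."""
        if t < self.excluded_until.get(mac, 0):
            return "excluded"                # dropped without checking credentials
        if credentials_ok:
            self.failures[mac].clear()
            return "accept"
        recent = self.failures[mac]
        recent.append(t)
        while recent and recent[0] <= t - self.window_s:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.excluded_until[mac] = t + self.exclude_s
            recent.clear()
        return "reject"


def replay(policy, events):
    return [policy.attempt(t, mac, ok) for t, mac, ok in events]


# Constructed events: (seconds, client MAC, credentials correct?)
MAC = "02:00:00:00:00:01"
FIXED_PASSWORD = [(0, MAC, False), (5, MAC, False), (10, MAC, False),
                  (60, MAC, True), (309, MAC, True), (310, MAC, True)]
RETRY_LOOP = [(i * 2, MAC, False) for i in range(25)] + [(700, MAC, False)]

def demo():
    kevin = replay(ExclusionPolicy(3, 60, 300), FIXED_PASSWORD)   # 3 failures, 300 s timer
    joe = replay(ExclusionPolicy(20, 60, 600), RETRY_LOOP)        # 20 in 1 min, 10 min block
    return kevin, joe

if __name__ == "__main__":
    kevin, joe = demo()
    print(kevin)
    print(joe.count("reject"), joe.count("excluded"))
```

In the first replay the correct password entered at 60 s and 309 s is still refused, and only the attempt at 310 s succeeds, which is the helpdesk confusion described above.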


