Preview Tool

Cisco Bug: CSCvv50134 - ISE implement feature to auto block clients after multiple incorrect password attempts

Last Modified

Aug 31, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases


Description (partial)

Currently ISE has a suppression feature(Administration>System>Settings>Protocols>Radius), which prevents logging of repeated authentication failures, and thus prevents system load or rogue clients.

It has the option to reject clients automatically after a custom threshold frequency of failures, but this was intended for reducing 'load' and doesn't work if the failures are due to wrong password(as explained here:

Customers looking to prevents brute force password attacks in their network want the ability for their Radius server to reject these clients automatically after multiple 'wrong password' attempts.

The device is configured for Radius authentication.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.