Hi Jerry, In the controllers, you'll fund under Security the settings for Client Exclusion options, these are global and come into play if enabled on a WLAN under advanced settings. If Client Exclusion is enabled on a WLAN, it will follow the settings under the global settings. There are like 6 of of them, and they can cause all kinds of trouble. There is no adjustment to any sort of threshold- it's literally three strikes against whatever exclusion parameter is being hit and then client is excluded for whatever time is specified under advanced settings of the WLAN (again, if enabled on the WLAN).
On 802.1x networks, I'd recommend excluding on failed 802.1x authentications but putting the timer at like 5 seconds. This will slow down DOS effects on RADIUS servers from misconfigured/unconfigured clients, but not shut out legit clients that sputter a bit in authing for whatever reason. I've asked Cisco for more control over this, as the 3-strike value is just too low. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]> on behalf of Jerry Bucklaew <[email protected]> Sent: Sunday, March 2, 2014 8:53 AM To: [email protected] Subject: Re: [WIRELESS-LAN] client exclude reason unknown To ALL: I am running Cisco controllers version 7.4 code. I was looking at my controllers and I noticed a bunch of clients excluded for reason "unknown". These also have a timer of "n/a" so they would stay excluded forever. Since I don't normally look at the client exclusions I am not sure when this started. I was wondering if anyone else has seen this before? I deleted them all so we will see if they come back. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
