Chatty endpoint in cisco ISE - Cisco ISE https://www.hacktheforum.com/cisco-ise/chatty-endpoint-in-cisco-ise/ Hack The Forum Discussion Board en Tue, 14 Apr 2026 20:35:33 +0000 wpForo 60 Chatty endpoint in cisco ISE https://www.hacktheforum.com/cisco-ise/chatty-endpoint-in-cisco-ise/#post-20083 Tue, 14 Apr 2026 12:00:55 +0000 In Cisco Identity Services Engine (ISE), a “chatty endpoint” refers to a device on the network that generates an unusually high volume of authentication or posture-related traffic toward ISE in a short period of time.

A chatty endpoint is typically:

  • Repeatedly sending authentication requests (e.g., 802.1X, MAB)
  • Frequently triggering RADIUS transactions
  • Continuously attempting to reauthenticate or reconnect

Common causes

  • Misconfigured supplicant
    • Incorrect 802.1X settings on endpoints (Windows, macOS, etc.)
  • Network instability
    • Flapping ports, unstable Wi-Fi, or switch issues
  • Aggressive timers
    • Very low reauthentication intervals configured on switches or ISE
  • Endpoint behavior
    • IoT devices or printers constantly retrying authentication
  • Posture or profiling loops
    • Devices stuck in posture assessment or profiling cycles

Why?

  • High load on ISE nodes (PSNs especially)
  • Increased RADIUS latency
  • Possible authentication failures for other devices
  • Can lead to performance degradation or even outages in large deployments
]]> Cisco ISE Techie https://www.hacktheforum.com/cisco-ise/chatty-endpoint-in-cisco-ise/#post-20083