802.1x ReAuthentication problems with ACS 4.2

LudovicDS
Level 1

Hi all,

I'm actually working on 802.1x authentication with ACS 4.2 SE.

I want to restrict my group user to 1 session available to users of this group.

Problem 1:

When my supplicant tries to reauthenticate, we can see failed attempts in the ACS reports: "ACS User exceeded max sessions".

How can we resolve this kind of problem on ACS 4.2?

Is it possible to restrict such access?

Problem 2:

I have 3 ACS 4.2 in my architecture. One is master and 2 are slaves, with database replication from master to slaves.

When I disconnect my master from the network, the supplicant previously authenticated on the master succeeds at the first reauthentication.

But when the master comes up (without any service reload), the next supplicant reauthentication fails with the same error as Problem 1: "ACS User exceeded max sessions".

How can we resolve this problem? How can we automatically force ACS to reload its services on network failure?

Thank you very much for your help.

Best regards.

Ludovic.

2 Replies

Nicolas Darchis
Cisco Employee

Hi Ludovic,

To me, problem 2 will be solved by problem 1.

Do you have RADIUS accounting configured? Is the ACS receiving the correct accounting when reauthentication occurs?

Nicolas

Hi Nicolas,

Yes, RADIUS accounting is configured and I receive all RADIUS accounting Start and Stop sessions.

But in the reauthentication process, no RADIUS accounting Stop is sent by the switch to the RADIUS server. (A normal process, I think.)

The supplicant must still be connected during the reauthentication process... But ACS doesn't seem to understand that it's a reauthentication and not a second authentication.

Best regards