
ACS 3.2 "Logged-In Users"

dewman03
Level 1

I'm having a small problem with my ACS server.

All authentication is working fine, but when I go to "Reports" and check the logged-in users, there are none. Also, I know that users are on the wireless network. When we had our VxWorks environment, the ACS server would show the "Logged-In Users" fine. So I know it's a config issue from VxWorks to IOS. Just wondering if others had this same problem and what steps they went through to mitigate the situation.

2 Replies

gfullage
Cisco Employee

The Logged-In Users report relies on the ACS server receiving Accounting start and stop records when the user logs in, otherwise ACS has no idea when they log out. You need to have something like this for it to work:

aaa new-model

aaa accounting exec default start-stop group tacacs+

Well, that is what is weird. I can see all the starts and stops in the RADIUS account logs, but I never see logged-in users. I also made sure that there were not a lot of start/stops that would fool logged-in users into thinking they logged off.

So my APs are doing accounting fine, but they are not reporting the logged-in users. I checked out some stuff and their minimum requirements are that the accounting packets contain nas-ip address and nas-port. I am thinking that I am missing an accounting element that is required for logged-in users to work, as my accounting is working.

Also, I read some ACS documentation that said Logged-In Users requires "Service-Type" to be a sent accounting attribute. While I think I am sending that attribute, my AP has a default command of

radius-server permit missing service-type

If I set this to deny instead of permit, then authentication fails. So I think my clients are not sending the service-type attribute, but I am at a loss for finding out if this is true and how to mitigate the situation.
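
One way to check the open question in the last post, whether the AP's accounting records actually carry Service-Type: decode the UDP payload of a captured Accounting-Request and list which of the attributes named in this thread are absent. This is an added example, not code from the thread or from Cisco; the attribute numbers are from RFC 2865/2866, while the function names, the `REQUIRED` list and the sample packet are constructed for illustration.

```python
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code, RFC 2866
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
              6: "Service-Type", 40: "Acct-Status-Type", 44: "Acct-Session-Id"}
# Assumption: the attributes this thread names as needed for Logged-In Users.
REQUIRED = ("NAS-IP-Address", "NAS-Port", "Service-Type")
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute name or number: raw value} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"not an Accounting-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the captured data")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:  # a_len counts its own 2 header bytes
            raise ValueError(f"bad length on attribute {a_type}")
        attrs[ATTR_NAMES.get(a_type, a_type)] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def audit(packet: bytes) -> tuple:
    """Return (status name, list of required attributes that are absent)."""
    attrs = parse_attributes(packet)
    raw = attrs.get("Acct-Status-Type")
    status = STATUS.get(int.from_bytes(raw, "big"), "Other") if raw else "Missing"
    return status, [name for name in REQUIRED if name not in attrs]


def build(attrs: list) -> bytes:
    """Build a constructed Accounting-Request (zeroed authenticator) from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(body)) + bytes(16) + body


# Constructed sample: a Start record from an AP that omits Service-Type.
SAMPLE = build([(1, b"alice"), (4, bytes([192, 0, 2, 10])),
                (5, (7).to_bytes(4, "big")), (40, (1).to_bytes(4, "big")),
                (44, b"0000002A")])
```

Running `audit()` over both the Start and the Stop record of one session shows whether either half of the pair is missing an attribute the report depends on.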