03-18-2011 05:25 PM - edited 03-10-2019 05:55 PM
I am using ACS5.1 connected to WLC (v7.x) and frequently see host auth requests in the ACS logs. I am not interested in seeing host auth requests at all. Is there anyway just to ignore these.
The issue is that these will always fail. If I enable the lock out facility within WLC and a host continually tries to auth the WLC will lock-out that mac address meaning that when the user is ready to connect with their own credentials they are unable to as the WLC is blocking that mac address from connecting to the wireless network.
I tried disabling the 'process host lookup' option, but this apparently only changes the type of request to appear like a standard PAP auth request which again fails, filling up my RADIUS logs and stopping me from enabling the WLC lookout feature.
So, as I say, I want to simply ignore host requests. I have no control over the end points so am unable to go and update config etc of these devices.
Many Thanks
Paul
04-15-2011 07:02 AM
Hello,
The ACS will log everything that he receives. There is no way to avoid the authentications request.
What you can do is to filter the logs and in that way you won't see it but the ACS will keep the logs of everything that he receive.
Hope this clarify your concern.
Erick Delgado
Cisco CSE
04-17-2011 01:20 AM
I wasn't asking about logging. But surely there must be some configuration that allows ACS to ignore machine auths? - For example there are at least two places where there are check boxes to 'ignore machine auth' or similar, yet checking and unchecking this seems to make no difference. So if that is the case why have it?
Paul
-
04-18-2011 02:18 AM
Hello Pablo,
In the Active Directory configuration, you can disable support for machine authentication, but that won't prevent host from trying to do so thus generating logs.
If you want that host does not try to do host authenticaiton, you can disable it in the network adapter preferences:
04-18-2011 04:35 AM
Yes, I have done both of these already, yet I am still seeing failed authentications (rather than ignored or anything else) for hosts.
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide