cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2878
Views
0
Helpful
0
Replies
sprosons
Beginner

ACS 5.2 Failed attempts logging

I have upgraded from ACS 4.2 to ACS 5.1 and the reporting is not as I expected. In 4.2 the failed attempts file contained the username, client mac address and nas address for the failed attempt. This makes tracking down incorrectly configured clients relatively easy. In 5.1 the info is missing. if I use the nas to test aaa then I can see the username but when the wireless clients using PEAP/MSCHAP-V2 fail I only see the reason code and none of the previous information.

This is the log from 4.2

09/13/2011,14:09:59,Authen failed,7010329979,Default Group,001a.0000.ccfe,EAP-TLS or PEAP authentication failed due to invalid certificate during SSL handshake,,,172846,10.1.17.10,,acs-42-r-02

and this is what I get from 5.1

Sep 13 10:42:03 10.1.112.52 local6.notice Sep 13 10:08:20 acs-51-r-03 CSCOacs_Failed_Attempts 0000000059 2 0 2011-09-13 10:08:20.364 +00:00 0000014478 5411 NOTICE Failed-Attempt: EAP session timed out, ACSVersion=acs-5.1.0.44-B.2347, ConfigVersionId=10, AcsSessionID=acs-51-r-03/104161341/96, AuthenticationMethod=MSCHAPV2, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified\, Retry is allowed, FailureReason=22056 , Step=11001 , Step=11017 , Step=15008 , Step=15004 , Step=15012 , Step=11507 , Step=12300 , Step=11006 , Step=11001 , Step=11018 , Step=12302 , Step=12319 , Step=12800 , Step=12805 , Step=12806 , Step=12807 , Step=12810 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12319 , Step=12812 , Step=12804 , Step=12801 , Step=12802 , Step=12816 , Step=12310 , Step=12305

I suspect they are both failing for the same reason but I get different messages. At this point I trust 4.2 giving the right reason.

Is there somewhere in the configuration that I can turn on the missing fields.

Thanks Steve

0 REPLIES 0
Content for Community-Ad