Intermittent 802.1x wired connectivity

sbrooke · ‎11-21-2006

I have ACS SE v4.0.1 Build 44. I'm using the remote agent to authenticate users against AD. I have a test laptop connecting to a 6500 running CatOS 8.4.5.

I can get the laptop to authenticate sometimes but it's intermittent. I can't find a pattern to it yet. And even when it does authenticate it will not authenticate if I unplug the cable and plug it back in.

What are some things I can look for to figure out what's going on? Any ideas for what might be causing this?

darpotter · ‎11-21-2006

First place to start is to see what AAA traffic occurs when you cant get access.

Is the 6500 sending anything to ACS?

If not could be supplicant/6500 issue.

If it is, what is ACS doing with it?

Anything in failed attempts?

Set ACS logging to max, anything in auth.log?

Darran

mmmoookkk · ‎11-23-2006

Hello

what is the authentication that you are using on your laptop? md5/PEAP/cert's

best you use md5 challange for testing, configured on your nic's authentication tab in the configuration window.

this should tell you if you are having any problems on the line for the laptop to the ACS via the switch.

if you are using certificates and you find that the authentication only prior to your windows login, then this is cause of the certificate on you laptop being stored in your machine store and not the user and this is why your user name after login cannot authenticate you. since the user cannot access the machine store. to solve this you can patch your windows registry or get another certificate from your CA thats taken from the USER template and not marked to be stored in the machine store.

hope this helps.

regards

Motti