
Radius Authentication in ACS 5.2 with AD

mhuaynate
Level 1

Friend,

I have a question about RADIUS authentication with AD. When I log in to the network with a user in AD and I make a mistake in the password, my RADIUS authentication events in ACS 5.2 don't show me this log. It only shows the authentication succeeded but doesn't show me the authentication failed. Maybe I must enable some service to show the authentication failed. The voice authentication works fine.

This is the config on the port of the switch:

interface FastEthernet0/12
switchport mode access
switchport access vlan 2
switchport voice vlan 10
authentication port-control auto
authentication host-mode multi-domain
authentication violation protect
authentication event fail action authorize vlan 11
authentication event fail retry 2 action authorize vlan 11
authentication event no-response action authorize vlan 11
authentication periodic
authentication timer reauthenticate 60
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 3
spanning-tree portfast
end

Vlan 2: DATA

Vlan 10: VOICE

Vlan 11: GUEST


Thanks...

Marco

1 Reply

slawford
Cisco Employee

Hi Marco,

When you type in the wrong password, do you see the login fail on the device where you entered it? Depending on how you have configured fallback mechanisms on ACS, an attempt can still be permitted even though the authentication failed.

It would be best to take a look at the authentication steps under the RADIUS authentication log for an attempt you believe should have failed, to see what ACS is doing with the request.

Steve.