04-30-2010 09:08 AM - edited 03-10-2019 05:06 PM
We're using Cisco Secure ACS 5.1.0.44 for LDAP (Active Directory) authentication on our Cisco devices. The login prompt is spotty at times. I have noticed that two like devices, say two 1231 APs with the exact same configurations and IOS, minus device name and IP address of course, on the same subnet, do not respond to ACS the same way. One prompts for domain credentials and the other just asks for a password. The thing that sucks is that half the time the ACS fails, the old vty login password no longer works either so I can no longer access the device.
Also, the device that failed to prompt for the domain credentials takes an extremely long time to prompt for a password and then takes an extremely long time to authenticate the password.
$ telnet x.x.x.x
Trying... <---------- this takes up to 10 seconds or longer.
Connected to x.x.x.x
Escape character is '^]'.
Password: vty password works most times, but not all
The other responds appropriately:
$ telnet x.x.x.x
Trying... <---------- This is instantaneous.
Connected to x.x.x.x
Escape character is '^]'.
Corp Domain Username: user
Password: xxxx
What gives?!?!?!?!?!? It's driving me nuts!!!!!!!!!!!!!!!!
04-30-2010 11:10 AM
The odd password problem stems from the delay from when the AP is expecting the password and
when it actually prompts on the screen. Basically if I wait for the password prompt it's too late because
the password timeout has already occurred.
I believe it may be an IOS problem. I got the bootloader version confused with the IOS.
Anybody got a list of AP IOS's supported by ACS 5.1.0.44? The following link sucks, http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/device_support/sdt51.html ,
and Cisco's website is too convoluted to be much help.