11-04-2010 10:56 PM - edited 03-10-2019 05:33 PM
Hi all experts.
I am using ACS 3.3 but pls dont run away since i am facing very odd issue. In my failed attempt logs, there are times when the caller-id is not present( means blank). What could be the possible reason for that ?
Thanks in advance
11-05-2010 09:11 AM
Information in the "Caller-ID" depends on the information being sent from
the NAS to ACS.
For TACACS -- whatever is being passed from NAS to ACS in the "rem_addr"
field that will be logged in "Caller-ID".
For RADIUS -- whatever is being passed from NAS to ACS in the "Calling
Station ID (31)" attribute that will be logged in "Caller-ID".
It also depends on the type of connection you are using:
-For dial-in it will be telephone number from which you are dialing if the
TELCO forwards that information otherwise it will say "async".
-For telnet it will log the IP address of the client.
-For wireless device it will log the MAC address.
So, it depends on the information being passed from NAS to ACS and the type
of authentication protocol you are using. If NAS doesn't pass the info then
it will be blank.
You can run #debug aaa authentication
#debug radius (or tacacs)
and verify the fields
11-05-2010 10:57 AM
John,
Also to add to this it depends on what the failure reason is as well. If the resason is "EAP Session Timeout" then that is just a thread timeout in ACS and ACS will not post the caller-id in the logs.
--Jesse
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: