08-13-2015 05:53 AM
I have multiple WSAs utilizing the CDA for transparent auth. I have the CDA agent logging to a syslog and I see a bunch of these messages.
Aug 13 08:20:50 <CDASERVERNAME> CSCOibf_Failed_Attempts 0002999937 1 0 2015-08-13 08:20:50.158 -05:00 0005730563 5400 NOTICE Failed-Attempt: IBF request failed, IBFVersion=ibf-1.0 (win32), ConfigVersionId=8, Device IP Address=<WSA1IPADDRESS>, Device Port=62071, DestinationIPAddress=0.0.0.0, DestinationPort=1812, RadiusPacketType=AccessRequest, UserName=WSA, Protocol=Radius, RequestLatency=0, NetworkDeviceName=<WSA1>, User-Name=<removed>, NAS-IP-Address=<removed>, cisco-av-pair=entity-attr:request=*, cisco-av-pair=entity-attr:entity-id:ip=<CLIENTIP>, cisco-av-pair=entity-attr:cntl:notify=true, IbfSessionID=<CDASERVERNAME>/226267020/682525, SelectedAccessService=Network Access, Step=11001 , Step=11017 , Step=15012 , Step=12864 , Step=12866 , Step=11003 , Response={RadiusPacketType=AccessReject; },
Aug 13 08:20:50 <CDASERVERNAME> CSCOibf_RADIUS_Diagnostics 0002999936 1 0 2015-08-13 08:20:50.158 -05:00 0005730561 12866 INFO IBF_RADIUS_SERVER: Could not find identity in Identity Cache, IBFVersion=ibf-1.0 (win32), ConfigVersionId=8, Device IP Address=<WSA1>, Device Port=62071, DestinationIPAddress=0.0.0.0, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=14, User-Name=<removed>, NAS-IP-Address=<WSA1>, cisco-av-pair=entity-attr:request=*, cisco-av-pair=entity-attr:entity-id:ip=<CLIENTIP>, cisco-av-pair=entity-attr:cntl:notify=true, IbfSessionID=orwmgtnet202/226267020/682525, SelectedAccessService=Network Access,
The CDA agent indicates WSA1 is in-sync
C:\IBF\CLI>adacfg client status
Subscribed-IP Sync-Status
--------------- -----------
<removed> In-Sync
<removed> In-Sync
All the DCs are showing up
C:\IBF\CLI>adacfg dc list
Name Host/IP Username Domain-Name Latest Status
--------- -------------------- --------------- ----------- -------------
DRWDMC202 <removed> <removed> <removed> up
ORWDMC02 <removed> <removed> <removed> up
ORWDMC201 <removed> -<removed> <removed> up
ORWDMC202 <removed> <removed> <removed> up
SOWDMC201 <removed> <removed> <removed> up
The cache is populated, but it does appear to have entries from only one of the 5 DCs that are defined, and I don't see the client IP in question.
08-18-2015 05:40 AM
Hard to troubleshoot from just the above information. I recommend you open a TAC case and let our engineers take a look at things. Good luck - Tom
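An added example (not part of the original posts and not Cisco tooling): a small Python triage script that parses the two CDA syslog message types quoted in the question and counts, per requesting WSA, which client IPs produced "Could not find identity in Identity Cache" (message code 12866), so the list can be compared against the cache contents. The sample lines, host names and addresses are constructed placeholders, and the field splitting assumes the comma-separated key=value layout seen in the quoted messages.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the two message types quoted in the thread.
# Host names and addresses are placeholders (RFC 5737), not values from the post.
SAMPLE = """\
Aug 13 08:20:50 cda01 CSCOibf_Failed_Attempts 0002999937 1 0 2015-08-13 08:20:50.158 -05:00 0005730563 5400 NOTICE Failed-Attempt: IBF request failed, IBFVersion=ibf-1.0 (win32), Device IP Address=198.51.100.5, cisco-av-pair=entity-attr:request=*, cisco-av-pair=entity-attr:entity-id:ip=192.0.2.10, IbfSessionID=cda01/226267020/682525, Step=11001 , Step=12866 , Response={RadiusPacketType=AccessReject; },
Aug 13 08:20:50 cda01 CSCOibf_RADIUS_Diagnostics 0002999936 1 0 2015-08-13 08:20:50.158 -05:00 0005730561 12866 INFO IBF_RADIUS_SERVER: Could not find identity in Identity Cache, IBFVersion=ibf-1.0 (win32), Device IP Address=198.51.100.5, cisco-av-pair=entity-attr:entity-id:ip=192.0.2.10, IbfSessionID=cda01/226267020/682525,
Aug 13 08:21:02 cda01 CSCOibf_RADIUS_Diagnostics 0002999940 1 0 2015-08-13 08:21:02.007 -05:00 0005730570 12866 INFO IBF_RADIUS_SERVER: Could not find identity in Identity Cache, IBFVersion=ibf-1.0 (win32), Device IP Address=198.51.100.5, cisco-av-pair=entity-attr:entity-id:ip=192.0.2.10, IbfSessionID=cda01/226267020/682530,
Aug 13 08:21:05 cda01 CSCOibf_RADIUS_Diagnostics 0002999942 1 0 2015-08-13 08:21:05.411 -05:00 0005730574 12866 INFO IBF_RADIUS_SERVER: Could not find identity in Identity Cache, IBFVersion=ibf-1.0 (win32), Device IP Address=198.51.100.6, cisco-av-pair=entity-attr:entity-id:ip=192.0.2.11, IbfSessionID=cda01/226267020/682533,
Aug 13 08:21:06 cda01 sshd[311]: unrelated line that must be skipped
"""

# category ... message-code SEVERITY summary, key=value, key=value, ...
HEADER = re.compile(r"(CSCOibf_\w+) .*? (\d+) ([A-Z]+) ([^,]+), (.*)")
CLIENT_PREFIX = "entity-attr:entity-id:ip="

def parse(line):
    """Return one event as a dict, or None if the line is not a CDA (IBF) message."""
    m = HEADER.search(line)
    if not m:
        return None
    category, code, severity, summary, body = m.groups()
    fields = defaultdict(list)            # keys such as Step and cisco-av-pair repeat
    for item in re.split(r"\s*,\s*", body):
        key, sep, value = item.partition("=")
        if sep:
            fields[key.strip()].append(value.strip())
    client = next((v[len(CLIENT_PREFIX):] for v in fields["cisco-av-pair"]
                   if v.startswith(CLIENT_PREFIX)), None)
    return {"category": category, "code": code, "severity": severity, "summary": summary,
            "device": (fields["Device IP Address"] or [None])[0],
            "client": client, "steps": fields["Step"],
            "session": (fields["IbfSessionID"] or [None])[0]}

def cache_misses(text):
    """Map each requesting device (WSA) to the client IPs that missed the identity cache."""
    misses = defaultdict(Counter)
    for event in filter(None, map(parse, text.splitlines())):
        if event["code"] == "12866":      # "Could not find identity in Identity Cache"
            misses[event["device"]][event["client"]] += 1
    return {device: dict(counts) for device, counts in misses.items()}

if __name__ == "__main__":
    for device, clients in cache_misses(SAMPLE).items():
        print(device, clients)
```

Client IPs that appear here repeatedly but never in the CDA cache are the ones to check against the DC that should have logged their logon events.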