WCS user names sometimes incorrect with 802.1x FreeRadius

stevebohrer · ‎03-01-2012

I'm not sure if this is a recent issue for our setup, but I've only just noticed it. Although most authenticated users are shown by their correct user names (which are required for 802.1x authentication), a few users show up in the WCS reports as "anonymous", and one as "anonymous@myabc.com", which are not valid usernames on our network.

I can track these users by MAC via our network registration database, but have not yet figured what makes their systems unique. All three in yesterday's report are Win 7. I don't see anything strange in the RADIUS logs, but have not yet caputured "debug" traces of wireless authentication from an anonymous user.

We are running WCS 7.0.172.0 , with a pair of WLC 4402 controllers running 7.0.116.0 . Our WPA2 Enterprise auth uses TTLS/PAP, with the SecureW2 supplicant for Windows.

Any hints where to look, or how to assure that WCS uses only the authenticated RADIUS approved identity for clients? Or, ideas on where these other names might be from?

Thanks,

Steve

stevebohrer · ‎03-02-2012

Turns out the funny names are set as optional outer idenities. Wondering how to make WCS ignore these:

https://supportforums.cisco.com/thread/2135497

Closing this thread, as the above is more focused on the issue...Um, how do I mark this topic as "answered", since the outer identity explains where the bogus names come from?