I have ACS server 4.2 and I have noticed that there are too many failed attempts from usernames just like:
The number before the "@" changes for different users! (I am not ev
I tried to search for those I noticed it is something related to using 3G networks over Wi-Fi!!
I am not familiar with this technology (if my undrestanding about thi is correct).
I just want to know what type of devices would possibly use this feature (what mobile phones vendors for example) and how to stop it (configure it correctly on the end station).
apprecaite your help.
First of all , you need to know which AAA client submit authentication requests with such user ids.
If it is wireless supporting equipment such as WLC or autonomous AP, you need to verify if you have SSIDs
configured for dot1x. The reason why those clients might be using special type of EAP that is not supported
on your ACS 4.x. You need to check the EAP types configured , the failed attempts as well the auth.log the RDS.log
in package.cab after making sure to set the logging level to full.
Then you should try to track those devices and identify where they might be located within your premises.
Thanks Mohammad for your quick reply.
I already know that failed attempt is due improper configuratoin on client. failure code in ACS is "EAP type not configured". Those stations -that high likely a mobile phones - usually use EAP-SIM which is not even supported by our ACS.
EAP-SIM configuration by default has "User name in Use" configured as "From SIM card". This is why we possibly seeing those.
Tracking the device is very difficult due to users are mobile and there are too many users around in same area/areas.
I just now successfully isolated that all devices reported this are Nokia devices!! Now it is easier to go to some area and ask about those who have Nokia phones rather than checking everyone's phone.
Thanks ya m3almi.