Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5836
Views
10
Helpful
3
Replies

Failed attempts on radius from a strange user

Amjad Abdullah
VIP Alumni
VIP Alumni

‎05-12-2012 10:40 PM - edited ‎07-03-2021 10:09 PM

Hello all,

I have ACS server 4.2 and I have noticed that there are too many failed attempts from usernames just like:

1420032219455258@wlan.mnc003.mcc420.3gppnetwork.org

1420032127027457@wlan.mnc003.mcc420.3gppnetwork.org

The number before the "@" changes for different users! (I am not ev

I tried to search for those I noticed it is something related to using 3G networks over Wi-Fi!!

I am not familiar with this technology (if my undrestanding about thi is correct).

I just want to know what type of devices would possibly use this feature (what mobile phones vendors for example) and how to stop it (configure it correctly on the end station).

apprecaite your help.

Amjad

Rating useful replies is more useful than saying "Thank you"
Labels:
0 Helpful
3 Replies 3

maldehne
Cisco Employee
Cisco Employee

‎05-13-2012 12:57 AM

Hey Amjad

First of all , you need to know which AAA client submit authentication requests with such user ids.

If it is wireless supporting equipment such as WLC or autonomous AP, you need to verify if you have SSIDs

configured for dot1x. The reason why those clients might be using special type of EAP that is not supported

on your ACS 4.x. You need to check the EAP types configured , the failed attempts as well the auth.log the RDS.log

in package.cab after making sure to set the logging level to full.

Then you should try to track those devices and identify where they might be located within your premises.

Cheers

Amjad Abdullah
VIP Alumni
VIP Alumni
In response to maldehne

‎05-13-2012 01:48 AM

Thanks Mohammad for your quick reply.

I already know that failed attempt is due improper configuratoin on client. failure code in ACS is "EAP type not configured". Those stations -that high likely a mobile phones - usually use EAP-SIM which is not even supported by our ACS.

EAP-SIM configuration by default has "User name in Use" configured as "From SIM card". This is why we possibly seeing those.

Tracking the device is very difficult due to users are mobile and there are too many users around in same area/areas.

I just now successfully isolated that all devices reported this are Nokia devices!! Now it is easier to go to some area and ask about those who have Nokia phones rather than checking everyone's phone.

Thanks ya m3almi.

Amjad

Rating useful replies is more useful than saying "Thank you"
0 Helpful

maldehne
Cisco Employee
Cisco Employee
In response to Amjad Abdullah

‎05-13-2012 02:38 AM

I said So , but just wanted to confirm it systematically.

yalla rate me ya m3alim

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card