Logging multiple passed authentication in ACS

Unanswered Question
May 23rd, 2007
User Badges:


I encountered the following: after successful 802.1x authentication, the "passed authentication" log on ACS is filling with "authen OK" logs from the same user - every 2 minutes one new entry. The reauthentication on the switch is for sure turned off. Every two minutes on user's WinXP station there is baloon info that network is now connected, and there is a break in pings (about 2-4 seconds). What is causing this, and how can it be removed? Switch 6500, Catos 8.5.8, ACS 4.1.3, WinXp are using machine authentication.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hookjnw99 Fri, 05/25/2007 - 07:50
User Badges:

I am having a similar issue. The access switch is a 3560 running 12.2(25)SED1 going against ACS 4.1. Reauthentication is disabled in the port configuration and the workstations are configured with the AuthMode=2 and SupplicantMode=3 DWord registry settings.

Unlike your scenario, I only see one (the first) success entry in ACS until right at 14 hours later, when I start seeing one every 30 seconds or so. At that point, I see the same scenario you mention above with the client baloon message as well every 30 seconds. If someone else does not provide an answer or insight, perhaps we can collaborate and solve this issue ourselves.


Premdeep Banga Sat, 05/26/2007 - 15:47
User Badges:
  • Gold, 750 points or more


As in your case you are getting re-authentication again and again, though its turned off, then debugs would help in finding the actual cause,

set trace radius 4 (turns debugging on)

set trace dot1x 4 (turns debugging on)

set trace mon enable (turns trace monitoring on)

set trace dot1x 0 (turns debugging off)

set trace radius 0 (turns debugging off)




This Discussion