CALLER-ID not displayed in Failed Attempts ACS logs when RADIUS is used

Unanswered Question
Jan 7th, 2003

Under the 'Failed Attempts' log section of ACS, why is it that when people are authenticating via RADIUS, caller-id info does not get captured? This example is true for VPN3000 and WAPs. All my other devices which use TACACS have no problems.

gfullage (Cisco Employee) Tue, 01/07/2003 - 15:51

This is more that the devices that use RADIUS (your 3000 and WAP) don't send that particular attribute in their access request packets.


I just checked on a 3000 and it sends the user's IP address as attribute 66, the Tunnel-Client-Endpoint (http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt6/scdradat.htm#xtocid4), which conforms to the standard; it's just a different way of doing it than IOS routers.


For the 3000, you can set up Radius Accounting by going under Config - System - Servers - Accounting and adding in your ACS server. Then on the ACS server go under System Config - Logging - Radius Accounting, and add the Tunnel-Client-Endpoint to the Logged Attributes column. Now when people connect to your 3000 it'll send accounting packets, and you can look at the Radius Accounting log on the ACS server to see their IP address. Of course, this'll only show you successful connections, not failed attempts, but unfortunately there's no way within ACS to get the Tunnel-Client-Endpoint attribute included in the Failed Attempts or the Passed Authentications log.


I'm no WAP expert but it may do a similar thing to the 3000.
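The reply above comes down to which RADIUS attribute carries the caller's address: IOS devices put it in Calling-Station-Id (attribute 31 in RFC 2865, the "caller-id" ACS shows), while the VPN 3000 puts it in Tunnel-Client-Endpoint (attribute 66 in RFC 2868). The following is an added example, not code from the thread or from Cisco, that parses constructed Access-Request packets and picks whichever of the two attributes is present, so a failed attempt seen on the wire (or in a capture beside the ACS log) can still be tied to a source address. The attribute numbers are the standard ones; the packets, usernames and addresses are constructed sample data, and the fixed authenticator is a placeholder, not how a real client builds one.

```python
import struct

# Standard RADIUS attribute numbers (RFC 2865 / RFC 2868); not taken from the post.
USER_NAME = 1
NAS_IP_ADDRESS = 4
CALLING_STATION_ID = 31          # "caller-id" as ACS displays it; sent by IOS devices
TUNNEL_CLIENT_ENDPOINT = 66      # what the VPN 3000 sends instead, per the reply above

ACCESS_REQUEST = 1               # RADIUS packet code


def build_access_request(attrs, ident=1):
    """Assemble a RADIUS Access-Request from a list of (type, value_bytes).

    Constructed for the example: the 16-byte authenticator is a fixed
    placeholder, whereas a real client must use 16 random bytes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    authenticator = bytes(range(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + authenticator + body


def parse_attributes(packet):
    """Return [(type, value_bytes), ...], validating every length field."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("RADIUS length field does not match packet size")
    attrs = []
    pos = 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs


def tunnel_endpoint_text(value):
    """RFC 2868: a leading octet in 0x00..0x1F is a tunnel tag, not string data."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return value.decode("ascii", "replace")


def caller_address(packet):
    """Return (attribute_name, address) for the caller, or (None, None).

    Calling-Station-Id is preferred when present; otherwise fall back to the
    VPN 3000 style Tunnel-Client-Endpoint."""
    found = {}
    for attr_type, value in parse_attributes(packet):
        found.setdefault(attr_type, value)      # keep the first occurrence
    if CALLING_STATION_ID in found:
        return "Calling-Station-Id", found[CALLING_STATION_ID].decode("ascii", "replace")
    if TUNNEL_CLIENT_ENDPOINT in found:
        return "Tunnel-Client-Endpoint", tunnel_endpoint_text(found[TUNNEL_CLIENT_ENDPOINT])
    return None, None


# Constructed sample packets (documentation addresses, invented usernames).
IOS_STYLE = build_access_request([
    (USER_NAME, b"alice"),
    (NAS_IP_ADDRESS, bytes([192, 0, 2, 1])),
    (CALLING_STATION_ID, b"198.51.100.7"),
], ident=1)

VPN3000_STYLE = build_access_request([
    (USER_NAME, b"bob"),
    (NAS_IP_ADDRESS, bytes([192, 0, 2, 2])),
    (TUNNEL_CLIENT_ENDPOINT, b"\x01" + b"198.51.100.9"),   # tag 0x01 then the address
], ident=2)

NO_CALLER = build_access_request([(USER_NAME, b"carol")], ident=3)

if __name__ == "__main__":
    for label, pkt in (("IOS-style", IOS_STYLE), ("VPN3000-style", VPN3000_STYLE), ("no caller", NO_CALLER)):
        print(label, caller_address(pkt))
```

The parser rejects packets whose length field disagrees with the data or whose attribute lengths run past the end, which matters when the input is an untrusted capture rather than something you built yourself.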
