×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ACS / LEAP / AP1100 --> Logged-in users

Unanswered Question
Jul 11th, 2003
User Badges:

Hi,


I am using Cisco ACS with Cisco AP with LEAP, and in the ACS reports and Activity windows, when I click on the Logged-in users ... no user appear ... although users are connected.


The connected users appears in the Passed authentications ...


ANy help would be appreciated.


Frederic



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
derwin Mon, 07/14/2003 - 22:16
User Badges:
  • Cisco Employee,

Are you sure that the users are using leap


try debug dot11 aaa process on the ap while clients log on do you see LEAP working ??


If so and you are looking at the right ACS server then maybe it is a problem with the logging levels not being set correctly on the server

f-vanryckeghem Tue, 07/15/2003 - 02:40
User Badges:

Yes I am using LEAP ...

LEAP access defined in the ACU on my LAPTOP

LEAP configuration on the several Workgroup Bridges


And ... all these devices appears in the PAssed Authentications in the ACS.


But nothing in the logged-in users.


In the system configuration, in the logging Link, I have checked everything except the CSV accounting.


Is there another place in the ACS where we have to activate logging ?


Regards


Frederic


derwin Tue, 07/15/2003 - 02:53
User Badges:
  • Cisco Employee,

Q. My ACS "Logged in Users" report works with some devices, but not with others. What is the problem?


A. For the "Logged in Users" report to work (and this also applies to most other features involving sessions), packets should include at least the following fields:

Authentication Request packet


nas-ip-address

nas-port


Accounting Start packet


nas-ip-address

nas-port

session-id

framed-ip-address


Accounting Stop packet


nas-ip-address

nas-port

session-id

framed-ip-address


Attributes (such as nas-port and nas-ip-address) that appear in multiple packets should contain the same value in all packets.


If a connection is so brief that there is little time between the start and stop packets (for example, HTTP through the PIX), then logged-in users will not work either.


ACS version 3.0 allows the device to send either nas-port or nas-port-id.



Do you have accounting configured ?


This is from the ACS FAQ found here


http://www.cisco.com/warp/public/480/csntfaq.html#Q28

wanart Thu, 10/09/2003 - 05:53
User Badges:

Hi Derwin,

I have gone thru this FAQ and still not able to see Logged-in Users. I get Radius authentications and Passed Authentications but no logged-in users. Should I put a TAC case in to figure this out?

Thanks,

Mark Miner

wanart Thu, 10/09/2003 - 05:50
User Badges:

Did you ever get your logged-in Users to show up?

Thanks,

Mark Miner

Actions

This Discussion

 

 

Trending Topics - Security & Network