Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA Authentication taking too long

Hi all,

After setting up ACS and using the CTA w/ Wired Supplicant for the RADIUS authentication i have hit a brick wall. It takes about 2 -3 minutes for the computer to log in. Once in windows i can disconnect and reconnect the supplicant and everything will work almost instantly, it is only on log on that is the problem.

I am using ACS 3.3 with Cisco 3560 switches.

From the CTA log files i get the following:

10/13/2006 14:04:21.244 [1076.1600] 76 I CN<18> AD<00e018b44686> Connection Authentication Success.

10/13/2006 14:04:21.260 [1076. 204] 78 I CN<18> AD<00e018b44686> Connection IP Address Received: Address: 10.105.1.3.

10/13/2006 14:07:16.426 [1076.1600] 29 I CN<18> AD<00e018b44686> Port State Machine transition to AC_PORT_STATE_REAUTHENTICATING(AC_PORT_STATUS_8021x_ACQUIRED)

10/13/2006 14:07:16.426 [1076.1600] 109 I CN<18> AD<00e018b44686> Connection Authentication Started in user context.

10/13/2006 14:07:16.473 [1076. 468] 24 I CN<18> AD<00e018b44686> Identity requested.

10/13/2006 14:07:16.473 [1076.1600] 25 I CN<18> AD<00e018b44686> Identity sent.

10/13/2006 14:07:16.504 [1076. 852] 28 I CN<18> AD<00e018b44686> Authentication method started: UNKNOWN(0, 25), level 0

10/13/2006 14:07:16.520 [1076.1600] 26 I CN<18> AD<00e018b44686> EAP method suggested by server: UNKNOWN(0, 25)

10/13/2006 14:07:16.520 [1076.1600] 27 I CN<18> AD<00e018b44686> EAP methods requested by client:

10/13/2006 14:07:16.536 [1076.1696] 28 I CN<18> AD<00e018b44686> Authentication method started: EAP-FAST, level 0

10/13/2006 14:07:16.551 [1076.1484] 73 I CN<18> Client is validating the server.

10/13/2006 14:07:16.551 [1076.1484] 140 I CN<18> Server AID validated: a79b73b9f53f42489dcfbcd02577dfcd

10/13/2006 14:07:16.708 [1076. 396] 28 I CN<18> AD<00e018b44686> Authentication method started: EAP-GTC, level 1

10/13/2006 14:07:16.723 [1076.1600] 26 I CN<18> AD<00e018b44686> EAP method suggested by server: EAP-GTC

10/13/2006 14:07:16.723 [1076.1600] 27 I CN<18> AD<00e018b44686> EAP methods requested by client: EAP-GTC

10/13/2006 14:07:16.739 [1076.1952] 24 I CN<18> AD<00e018b44686> Identity requested.

10/13/2006 14:07:16.739 [1076.1600] 25 I CN<18> AD<00e018b44686> Identity sent.

10/13/2006 14:07:16.926 [1076.1600] 29 I CN<18> AD<00e018b44686> Port State Machine transition to AC_PORT_STATE_AUTHENTICATED(AC_PORT_STATUS_EAP_SUCCESS)

10/13/2006 14:07:16.926 [1076.1600] 76 I CN<18> AD<00e018b44686> Connection Authentication Success.

10/13/2006 14:07:16.942 [1076.1228] 78 I CN<18> AD<00e018b44686> Connection IP Address Received: Address: 10.105.1.3.

Notice the 3 minutes when it attempts to reauth.

Any help would be much appretitated... I am out of ideas.

Cheers,

Shaun

1 REPLY
Bronze

Re: AAA Authentication taking too long

Use the following commands to check and also the the authentication depends on the server and the ACS you are using. The Memory size should also be considered.

debug ppp neg

debug aaa authent

debug aaa author

debug radius

259
Views
0
Helpful
1
Replies