Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
1
Replies

AAA Authentication taking too long

shaun.williamson
Level 1
Level 1

‎10-12-2006 08:18 PM - edited ‎03-10-2019 02:47 PM

Hi all,

After setting up ACS and using the CTA w/ Wired Supplicant for the RADIUS authentication i have hit a brick wall. It takes about 2 -3 minutes for the computer to log in. Once in windows i can disconnect and reconnect the supplicant and everything will work almost instantly, it is only on log on that is the problem.

I am using ACS 3.3 with Cisco 3560 switches.

From the CTA log files i get the following:

10/13/2006 14:04:21.244 [1076.1600] 76 I CN<18> AD<00e018b44686> Connection Authentication Success.

10/13/2006 14:04:21.260 [1076. 204] 78 I CN<18> AD<00e018b44686> Connection IP Address Received: Address: 10.105.1.3.

10/13/2006 14:07:16.426 [1076.1600] 29 I CN<18> AD<00e018b44686> Port State Machine transition to AC_PORT_STATE_REAUTHENTICATING(AC_PORT_STATUS_8021x_ACQUIRED)

10/13/2006 14:07:16.426 [1076.1600] 109 I CN<18> AD<00e018b44686> Connection Authentication Started in user context.

10/13/2006 14:07:16.473 [1076. 468] 24 I CN<18> AD<00e018b44686> Identity requested.

10/13/2006 14:07:16.473 [1076.1600] 25 I CN<18> AD<00e018b44686> Identity sent.

10/13/2006 14:07:16.504 [1076. 852] 28 I CN<18> AD<00e018b44686> Authentication method started: UNKNOWN(0, 25), level 0

10/13/2006 14:07:16.520 [1076.1600] 26 I CN<18> AD<00e018b44686> EAP method suggested by server: UNKNOWN(0, 25)

10/13/2006 14:07:16.520 [1076.1600] 27 I CN<18> AD<00e018b44686> EAP methods requested by client:

10/13/2006 14:07:16.536 [1076.1696] 28 I CN<18> AD<00e018b44686> Authentication method started: EAP-FAST, level 0

10/13/2006 14:07:16.551 [1076.1484] 73 I CN<18> Client is validating the server.

10/13/2006 14:07:16.551 [1076.1484] 140 I CN<18> Server AID validated: a79b73b9f53f42489dcfbcd02577dfcd

10/13/2006 14:07:16.708 [1076. 396] 28 I CN<18> AD<00e018b44686> Authentication method started: EAP-GTC, level 1

10/13/2006 14:07:16.723 [1076.1600] 26 I CN<18> AD<00e018b44686> EAP method suggested by server: EAP-GTC

10/13/2006 14:07:16.723 [1076.1600] 27 I CN<18> AD<00e018b44686> EAP methods requested by client: EAP-GTC

10/13/2006 14:07:16.739 [1076.1952] 24 I CN<18> AD<00e018b44686> Identity requested.

10/13/2006 14:07:16.739 [1076.1600] 25 I CN<18> AD<00e018b44686> Identity sent.

10/13/2006 14:07:16.926 [1076.1600] 29 I CN<18> AD<00e018b44686> Port State Machine transition to AC_PORT_STATE_AUTHENTICATED(AC_PORT_STATUS_EAP_SUCCESS)

10/13/2006 14:07:16.926 [1076.1600] 76 I CN<18> AD<00e018b44686> Connection Authentication Success.

10/13/2006 14:07:16.942 [1076.1228] 78 I CN<18> AD<00e018b44686> Connection IP Address Received: Address: 10.105.1.3.

Notice the 3 minutes when it attempts to reauth.

Any help would be much appretitated... I am out of ideas.

Cheers,

Shaun

Labels:
0 Helpful
1 Reply 1

vkapoor5
Level 5
Level 5

‎10-18-2006 04:58 PM

Use the following commands to check and also the the authentication depends on the server and the ACS you are using. The Memory size should also be considered.

debug ppp neg

debug aaa authent

debug aaa author

debug radius

0 Helpful
Customers Also Viewed These Support Documents