Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS Radius Authentication Logs Question

System ACS 5.4

The following happens with both Cisco and HP switches that we have setup for port authentication using ACS for radius.

We also use Mitel phones. 

Ex. we take port authentication of the switch to do mainteance and when we reapply this the Mitel phones don't authenticate and when you look at 

the logs it shows weird usernames under the "usernames" section in the ACS...like "...WMT" 

The way our phones are setup is we have manually entered a username and password for 802.1x while setting up the same username and pw on the ACS. We do this instead of say MAC to port authentication because phones and people move offices so much.

I'm also reaseraching Mitel but not getting very far, It would help if I know the phones were somehow offering up this username instead of the one programmed or if the ACS is defaulting to this for some reason. 

appreciate any thoughts.

 

Thanks,

Derek

1 REPLY
Cisco Employee

Can you please provide the

Can you please provide the following info:

show run interface <interface-id>

 

debug radius

debug aaa authen

debug dot1x all 

NOTE: If your network is live, make sure that you understand the potential impact of any command.

Bounce the port and save the o/p of captures.

show auth session interface <interface>

Also, what error message do you see on the radius server?

 

Regards,

Jatin Katyal

*Do rate helpful posts*

~BR Jatin Katyal **Do rate helpful posts**
18
Views
0
Helpful
1
Replies