Logging multiple passed authentication in ACS

k.lapczuk · ‎05-23-2007

Hello,

I encountered the following: after successful 802.1x authentication, the "passed authentication" log on ACS is filling with "authen OK" logs from the same user - every 2 minutes one new entry. The reauthentication on the switch is for sure turned off. Every two minutes on user's WinXP station there is baloon info that network is now connected, and there is a break in pings (about 2-4 seconds). What is causing this, and how can it be removed? Switch 6500, Catos 8.5.8, ACS 4.1.3, WinXp are using machine authentication.

hookjnw99 · ‎05-25-2007

I am having a similar issue. The access switch is a 3560 running 12.2(25)SED1 going against ACS 4.1. Reauthentication is disabled in the port configuration and the workstations are configured with the AuthMode=2 and SupplicantMode=3 DWord registry settings.

Unlike your scenario, I only see one (the first) success entry in ACS until right at 14 hours later, when I start seeing one every 30 seconds or so. At that point, I see the same scenario you mention above with the client baloon message as well every 30 seconds. If someone else does not provide an answer or insight, perhaps we can collaborate and solve this issue ourselves.

-Jimmy

Premdeep Banga · ‎05-26-2007

Hi,

As in your case you are getting re-authentication again and again, though its turned off, then debugs would help in finding the actual cause,

set trace radius 4 (turns debugging on)

set trace dot1x 4 (turns debugging on)

set trace mon enable (turns trace monitoring on)

set trace dot1x 0 (turns debugging off)

set trace radius 0 (turns debugging off)

Regards,

Prem