cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
877
Views
0
Helpful
5
Replies

ACS / LEAP / AP1100 --> Logged-in users

f-vanryckeghem
Level 1
Level 1

Hi,

I am using Cisco ACS with Cisco AP with LEAP, and in the ACS reports and Activity windows, when I click on the Logged-in users ... no user appear ... although users are connected.

The connected users appears in the Passed authentications ...

ANy help would be appreciated.

Frederic

5 Replies 5

derwin
Level 5
Level 5

Are you sure that the users are using leap

try debug dot11 aaa process on the ap while clients log on do you see LEAP working ??

If so and you are looking at the right ACS server then maybe it is a problem with the logging levels not being set correctly on the server

Yes I am using LEAP ...

LEAP access defined in the ACU on my LAPTOP

LEAP configuration on the several Workgroup Bridges

And ... all these devices appears in the PAssed Authentications in the ACS.

But nothing in the logged-in users.

In the system configuration, in the logging Link, I have checked everything except the CSV accounting.

Is there another place in the ACS where we have to activate logging ?

Regards

Frederic

Q. My ACS "Logged in Users" report works with some devices, but not with others. What is the problem?

A. For the "Logged in Users" report to work (and this also applies to most other features involving sessions), packets should include at least the following fields:

Authentication Request packet

nas-ip-address

nas-port

Accounting Start packet

nas-ip-address

nas-port

session-id

framed-ip-address

Accounting Stop packet

nas-ip-address

nas-port

session-id

framed-ip-address

Attributes (such as nas-port and nas-ip-address) that appear in multiple packets should contain the same value in all packets.

If a connection is so brief that there is little time between the start and stop packets (for example, HTTP through the PIX), then logged-in users will not work either.

ACS version 3.0 allows the device to send either nas-port or nas-port-id.

Do you have accounting configured ?

This is from the ACS FAQ found here

http://www.cisco.com/warp/public/480/csntfaq.html#Q28

Hi Derwin,

I have gone thru this FAQ and still not able to see Logged-in Users. I get Radius authentications and Passed Authentications but no logged-in users. Should I put a TAC case in to figure this out?

Thanks,

Mark Miner

Did you ever get your logged-in Users to show up?

Thanks,

Mark Miner

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: