Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WCS user names sometimes incorrect with 802.1x FreeRadius

I'm not sure if this is a recent issue for our setup, but I've only just noticed it. Although most authenticated users are shown by their correct user names (which are required for 802.1x authentication), a few users show up in the WCS reports as "anonymous", and one as "anonymous@myabc.com", which are not valid usernames on our network.

I can track these users by MAC via our network registration database, but have not yet figured what makes their systems unique. All three in yesterday's report are Win 7. I don't see anything strange in the RADIUS logs, but have not yet caputured "debug" traces of wireless authentication from an anonymous user.

We are running WCS 7.0.172.0 , with a pair of WLC 4402 controllers running 7.0.116.0 . Our WPA2 Enterprise auth uses TTLS/PAP, with the SecureW2 supplicant for Windows.

Any hints where to look, or how to assure that WCS uses only the authenticated RADIUS approved identity for clients? Or, ideas on where these other names might be from?

Thanks,

Steve

Everyone's tags (2)
1 REPLY
New Member

Re: WCS user names sometimes incorrect with 802.1x FreeRadius

Turns out the funny names are set as optional outer idenities. Wondering how to make WCS ignore these:

https://supportforums.cisco.com/thread/2135497

Closing this thread, as the above is more focused on the issue...Um, how do I mark this topic as "answered", since the outer identity explains where the bogus names come from?

430
Views
0
Helpful
1
Replies
CreatePlease to create content