Advertisement

05.06.2008 at 12:47PM PDT, ID: 23380716 | Points: 250
[x]
Attachment Details

Cisco ACS authentication issue

Zones: Network Analysis Software, Cisco PIX Firewall, Network Security
Tags: cisco, acs, 4.1
I have configure Cisco ACS v4.1 to control network accessing. When a domain user logon, it takes a few seconds to logon using credentials. However, it takes around 1 minute to get the authentication successfully. The problem is the computer can't talk to the DHCP and DC. The network status shows Limits or not connectivity. The ipconfig shows it uses auto ip address 169.254.x.x. To obtain an IP or talk to the DC, the user needs to enter ipconfig /renew or re-logon. How do you troubleshoot it?
Start your free trial to view this solution
Question Stats
Zone: Networking
Question Asked By: blin2000
Question Asked On: 05.06.2008
Participating Experts: 1
Points: 250
Views: 0
Translate:
Loading Advertisement...
05.07.2008 at 06:09PM PDT, ID: 21521632

Rank: Guru

nodisco:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.08.2008 at 02:14PM PDT, ID: 21528527
blin2000:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.19.2008 at 10:12AM PDT, ID: 21599643
blin2000:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
05.19.2008 at 03:26PM PDT, ID: 21602143

Rank: Guru

nodisco:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
06.16.2008 at 09:34AM PDT, ID: 21795220
blin2000:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • Automotive
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Displays / Monitors
  • Handhelds / PDAs
  • Components
  • Peripherals
  • Laptops/Notebooks
  • Servers
  • Misc
  • Apple
  • Embedded Hardware
  • Networking Hardware
  • Storage
  • Desktops
  • New Users
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMware
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Virtualization
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • Web Computing
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Consulting
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMware
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Automation
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Web Services
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Web Computing
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Lounge
  • Business Travel
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
  • Automotive
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
05.07.2008 at 06:09PM PDT, ID: 21521632

Rank: Guru

nodisco:
Is this trying to authenticate VPN users?  You look like you have a DHCP specific issue rather than anything with ACS.

Pls confirm how the users are logging in

cheers
 
05.08.2008 at 02:14PM PDT, ID: 21528527
blin2000:
No, it is not VPN user. Just LAN users. If we don't configure port to use dot1x, it works and it has been working fo rmany years. The normal logon takes just seconds without ACS.  I also find the computer will receive an IP address from DHCP after logon 5 minutes. The problem is that authentication takes too longer to get pass, the computer uses windows credentials to logon. The port led take over one minutes to become green from orange.
 
05.19.2008 at 10:12AM PDT, ID: 21599643
blin2000:
I have installed wireshark on one of our XP. he capture result can be found this link: http://chicagotech.net/images/acssniffing.gif.

What I did is running wireshark after logon without network and plug the cable. Based on the sniffing, The computer try to talk to the DHCP and can't get an Ip until 25 seconds.

Normally, it takes the XP logon and maps the network drives in 5 seconds if it doesn't connect to authentication port.
 
05.19.2008 at 03:26PM PDT, ID: 21602143

Rank: Guru

nodisco:
I am not v familiar with 802.1X but if the issue doesn't occur when its enabled, there may be a config issue.

Check your IOS version is not out of date and have a look at this doc re 802.1X auth setup - it may highlight a minor issue you have overlooked

good luck

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.6/configuration/guide/8021x.html
 
06.16.2008 at 09:34AM PDT, ID: 21795220
blin2000:
Update. It is Cisco configuration issue. The Cisco Engineer forgot to check machine authentication.
 
 
20080236-EE-VQP-29 / EE_QW_2_20070628