Hector (and Stephen) -

Are you both running PEAP w/ MS-CHAP v2? And do you force the use of any one supplicant (like Windows. Or Odyssey?)

And for what it's worth I'm seeing this on Windows and Mac- but not all clients.

Lee

________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Hector J Rios
Sent: Thursday, June 12, 2008 9:47 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Multiple RADIUS accounting "starts" for same client

Lee,

Just to let you know, we are running version 4.1 and have seen the same thing. I'd be interested to hear what TAC has to say.

Hector
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Thursday, June 12, 2008 3:09 PM
To: [email protected]
Subject: [WIRELESS-LAN] Multiple RADIUS accounting "starts" for same client

Here's a weird one- wondering if anyone else may have experienced the same using LWAPP, WiSMs, 802.1x, and Cisco ACS.

RADIUS Accounting log sample:

                                          Client Calling ID                                            Framed IP Address      Controller
6/10/2008 10:43:03  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.85.69      29  10.21.0.21
6/10/2008 10:43:10  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.193.201    29  10.21.0.21
6/10/2008 10:43:17  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.106.64     29  10.21.0.43
6/10/2008 10:43:24  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.45.246     29  10.21.0.41
6/10/2008 10:43:31  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.195.59     29  10.21.0.23
6/10/2008 10:43:38  User1  Default Group  128.230.190.150    Start  484e92f6/00:17:f2:ef:21:a8/480066  128.230.149.78     29  10.21.0.29

Single user, multiple RADIUS starts reported, seven seconds apart. User IP (client calling ID) not matching Framed IP Address- and controllers that have APs that can't possibly be within client earshot all claiming to forward the RADIUS logging... If you look at the end column, it shows what controller is sending the RADIUS start.
In this case, 6 different controllers are sending a "start". In the framed IP address column, there is no real-world indication that those addresses are being used in any shape or form- and many of them are on a different network than the user address in the Client Calling ID space. Sorta feels like corrupt data being reported.

We are seeing this frequently enough to be noteworthy- but clients are sailing through the authentication process with absolutely no trouble or signs of behind-the-scenes weirdness.

Have opened a TAC case- but thought I'd float this to the group. (I can't tie this to any of the 150+ open caveats on the WiSMs).

Thanks-

Lee

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
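One way to flag this pattern in an accounting export, as an added example that is not part of the original thread: it groups Start records by the session ID column and reports any session whose Starts arrive from more than one controller. The line layout is assumed from the log sample in the original post; the field names and the `duplicate_starts` function are hypothetical, and the column holding 29 is not labeled on the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from the sample in the post; "unnamed" is the unlabeled column (29).
LINE = re.compile(
    r"(?P<date>\d+/\d+/\d+) (?P<time>[\d:]+) (?P<user>\S+) (?P<group>.+?) "
    r"(?P<calling>[\d.]+) (?P<status>\w+) (?P<session>\S+) "
    r"(?P<framed>[\d.]+) (?P<unnamed>\d+) (?P<controller>[\d.]+)$")

# The six records from the post, one per line.
SAMPLE = """
6/10/2008 10:43:03 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.85.69 29 10.21.0.21
6/10/2008 10:43:10 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.193.201 29 10.21.0.21
6/10/2008 10:43:17 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.106.64 29 10.21.0.43
6/10/2008 10:43:24 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.45.246 29 10.21.0.41
6/10/2008 10:43:31 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.195.59 29 10.21.0.23
6/10/2008 10:43:38 User1 Default Group 128.230.190.150 Start 484e92f6/00:17:f2:ef:21:a8/480066 128.230.149.78 29 10.21.0.29
"""

def duplicate_starts(log_text):
    """Map session ID -> summary, for sessions with Starts from >1 controller."""
    sessions = defaultdict(list)
    for raw in log_text.strip().splitlines():
        m = LINE.match(raw.strip())
        if m and m["status"] == "Start":
            sessions[m["session"]].append(m)
    findings = {}
    for sid, recs in sessions.items():
        controllers = sorted({r["controller"] for r in recs})
        if len(controllers) < 2:
            continue  # a single controller reporting Starts is not this pattern
        times = [datetime.strptime(f'{r["date"]} {r["time"]}', "%m/%d/%Y %H:%M:%S")
                 for r in recs]
        findings[sid] = {
            "starts": len(recs),
            "controllers": controllers,
            # seconds between consecutive Starts, in log order
            "gaps_s": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
            # records whose Framed IP differs from the Client Calling ID
            "framed_ne_calling": sum(r["framed"] != r["calling"] for r in recs),
        }
    return findings

if __name__ == "__main__":
    for sid, info in duplicate_starts(SAMPLE).items():
        print(sid, info)
```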
