PPP CHAP re-authentication timer, detectable?

I think PPP with CHAP has an interval or periodic timer that triggers a re-authentication.
I cannot find a timer setting to set the interval.
Neither can I find a show command that will show me the timer.
If this is a randomized timer, then it is clear that it is not showing these timers, but..
How would I be able to DETECT when a re-authentication has happened? How long should I monitor a CPE to check if a CHAP re-authentication has happened?
I am using these debugs:
PPP authentication debugging
PPP protocol negotiation debugging
PPPoE protocol events debugging
but I have not seen a CHAP event yet.
The setup is a 1006 as BRAS with SB-radius, 867VAE and other Cisco DSL clients using PPPoE.
So my Q's:
- Is CHAP re-authentication detectable? How? What average timers?
- Is the interval settable? How?

Include on the ppp authentication ms-chap, and enable the same on the radius server.
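As an added example that is not part of this thread: the CHAP lines that `debug ppp authentication` prints (the same `CHAP: I CHALLENGE id … len 32 from "…"` format quoted further down this page) are the visible trace of a re-authentication, so one way to detect it, and to measure how often it happens, is to parse those lines and time the gap between successive CHALLENGEs on an interface that has already received a SUCCESS. The sample debug text, the interface and peer names, and the year (IOS timestamps carry none) are constructed assumptions.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Constructed sample of "debug ppp authentication" output for one PPPoE session,
# modeled on the IOS CHAP debug lines quoted in this thread. Interface, names,
# ids and timestamps are invented: the second CHALLENGE is an unanswered retry,
# the later ones are hourly re-authentications, the last of which fails.
SAMPLE_DEBUG = """\
*Jul  7 07:55:13.810: Vi2.1 PPP: Phase is AUTHENTICATING, by this end
*Jul  7 07:55:14.012: Vi2.1 CHAP: O CHALLENGE id 1 len 32 from "bras1"
*Jul  7 07:55:24.012: Vi2.1 CHAP: O CHALLENGE id 2 len 32 from "bras1"
*Jul  7 07:55:24.030: Vi2.1 CHAP: I RESPONSE id 2 len 32 from "cpe867"
*Jul  7 07:55:24.045: Vi2.1 CHAP: O SUCCESS id 2 len 4
18w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2.1, changed state to up
*Jul  7 08:55:24.012: Vi2.1 CHAP: O CHALLENGE id 3 len 32 from "bras1"
*Jul  7 08:55:24.030: Vi2.1 CHAP: I RESPONSE id 3 len 32 from "cpe867"
*Jul  7 08:55:24.045: Vi2.1 CHAP: O SUCCESS id 3 len 4
*Jul  7 09:55:24.012: Vi2.1 CHAP: O CHALLENGE id 4 len 32 from "bras1"
*Jul  7 09:55:24.030: Vi2.1 CHAP: I RESPONSE id 4 len 32 from "cpe867"
*Jul  7 09:55:24.045: Vi2.1 CHAP: O FAILURE id 4 len 25 msg is "Authentication failed"
"""

ChapEvent = namedtuple("ChapEvent", "ts iface direction kind ident")

# Matches only the CHAP packet trace lines; LCP, syslog and prompt lines are skipped.
CHAP_LINE = re.compile(
    r"^\*?(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}): (?P<iface>\S+) CHAP: "
    r"(?P<dir>[IO]) (?P<kind>CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (?P<ident>\d+)"
)


def parse_chap_events(debug_text, year=2015):
    """Return the CHAP events in a debug capture, in order of appearance.

    IOS debug timestamps carry no year, so one is assumed (the default is an
    arbitrary constructed value); it only matters across a New Year boundary.
    """
    events = []
    for line in debug_text.splitlines():
        m = CHAP_LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S.%f"
        )
        events.append(ChapEvent(ts, m["iface"], m["dir"], m["kind"], int(m["ident"])))
    return events


def chap_reauth_report(debug_text, year=2015):
    """Classify CHALLENGEs per interface and measure the re-authentication interval.

    A CHALLENGE seen while the link is already authenticated is a
    re-authentication; a CHALLENGE repeated before any SUCCESS is a retry
    (the "Ignoring Challenge" loop quoted elsewhere in this thread looks like
    that). Returns a dict keyed by interface name.
    """
    per_iface = defaultdict(list)
    for ev in parse_chap_events(debug_text, year):
        per_iface[ev.iface].append(ev)

    report = {}
    for iface, events in per_iface.items():
        authenticated = False
        last_challenge = None
        intervals, retries, outcomes = [], 0, []
        for ev in events:
            if ev.kind == "CHALLENGE":
                if authenticated:
                    intervals.append((ev.ts - last_challenge).total_seconds())
                    authenticated = False      # pending again until the next SUCCESS
                elif last_challenge is not None:
                    retries += 1               # no SUCCESS since the previous CHALLENGE
                last_challenge = ev.ts
            elif ev.kind in ("SUCCESS", "FAILURE"):
                authenticated = ev.kind == "SUCCESS"
                outcomes.append(ev.kind)
        report[iface] = {
            "reauths": len(intervals),
            "reauth_intervals_s": intervals,
            "longest_interval_s": max(intervals) if intervals else None,
            "retries": retries,
            "outcomes": outcomes,
        }
    return report


if __name__ == "__main__":
    for iface, facts in chap_reauth_report(SAMPLE_DEBUG).items():
        print(iface, facts)
```

The longest interval observed across sessions is the minimum window a capture has to cover before "no re-authentication seen" means anything; a report with retries but no re-authentications describes an initial authentication that is still being retransmitted rather than a periodic timer.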

Similar Messages

  • Ppp chap password

    Hello,
    I am trying to understand the purpose of the "ppp chap password" command in dialer and ISDN interface configurations, i.e., what is the reason and usage of this. Unfortunately, looking into IOS command guides and references did not help me much.
    My understanding is, if a router receives a challenge, and that hostname/password is not defined locally, CHAP will use 'ppp chap password' to generate a hash. Please correct me if I'm wrong.
    Therefore in this case, if I tried putting this cmd in both routers without username/password defined, PPP should pass the authentication. But it's not.
    Anyone can reply.

    Hi Friend,
    CHAP authentication, on the other hand, periodically verifies the identity of the remote node using a three-way handshake.
    After the PPP link is established, the host sends a "challenge" message to the remote node.
    Remember the remote node responds with a value calculated using a one-way hash function.
    The host checks the response against its own calculation of the expected hash value.
    If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
    So if you do not have the hostname and password defined at the remote end, it will perform a hash function and that value will not at all match the value generated by the sending host, so the connection will be terminated.
    And that is the reason for CHAP authentication: to have secure authentication for establishing a connection.
    HTH, if yes please rate the post.
    Ankur
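To make the three-way handshake Ankur describes concrete, here is an added Python example (not code from the thread or from Cisco) implementing the MD5 variant of CHAP from RFC 1994: the peer hashes the Identifier, the shared secret and the Challenge, and the authenticator recomputes the same value and compares, so a peer with no matching username/secret fails exactly as described above. The peer name and secret are constructed; MS-CHAP, mentioned in the accepted answer, derives its response from the NT password hash instead and is not shown here.

```python
import hashlib
import hmac
import os

# Constructed values for the walk-through, not real credentials.
PEER_NAME = "cpe867"
SECRETS = {PEER_NAME: b"example-secret"}   # authenticator's local username/secret table


def new_challenge(length=16):
    """Authenticator: a fresh, unpredictable Challenge value for every handshake."""
    return os.urandom(length)


def chap_response(ident, secret, challenge):
    """Peer: RFC 1994 Response with MD5 = MD5(Identifier || secret || Challenge)."""
    if not 0 <= ident <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident, name, challenge, response, secrets=SECRETS):
    """Authenticator: recompute the expected value for the claimed name and compare.

    An unknown name (no local username/secret for the peer) fails the same way
    a wrong secret does: there is nothing that can match the Response.
    """
    secret = secrets.get(name)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)   # constant-time comparison


def run_handshake(peer_name, peer_secret, ident=1, secrets=SECRETS):
    """Simulate the three-way exchange: Challenge -> Response -> Success/Failure.

    Returns the outcome plus the Response hex, so a caller can see that a new
    Challenge produces a new Response even for the same secret (no replay).
    """
    challenge = new_challenge()                               # authenticator -> peer
    response = chap_response(ident, peer_secret, challenge)   # peer -> authenticator
    ok = chap_verify(ident, peer_name, challenge, response, secrets)
    return ("SUCCESS" if ok else "FAILURE"), response.hex()


if __name__ == "__main__":
    print(run_handshake(PEER_NAME, SECRETS[PEER_NAME]))   # SUCCESS
    print(run_handshake(PEER_NAME, b"wrong-secret"))      # FAILURE: values do not match
    print(run_handshake("unknown-host", b"whatever"))     # FAILURE: no local username/secret
```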

  • Time detection is broken in Mac OS 10.9.1.

    Time detection is broken in Mac OS 10.9.1. I'm living in Minsk (GMT +3). The time zone is detected correctly, and updating time from servers is turned on. But the time always leads by +3 hours. How to fix it? Maybe the time settings conflict with Windows 7?

    Set "TimeZone Support" to OFF.

  • Authentication time-outs and delays

    hello
    we have got a scenario in which our enterprise environment discovered authentication time-outs and delays. All authentication is NTLM only; we are also using many devices such as smartphones and other mobile components. Any option or way to fix
    that kind of issue?
    thanks in advance
    ivan bikmbauer

    On Mon, 25 Aug 2014 11:37:47 +0000, Shuki Noy wrote:
    ask me security question
    but ask something very complicated
    This has nothing to do with your technical knowledge, the issue here is
    that you're artificially attempting to increase your forum points by
    creating fake profiles, posting "questions", posting responses using your
    own profile and then using the fake profiles to mark your own responses as
    "answers".
    I am not going to continue this discussion in the forum as it is off-topic
    and wastes everyone's time.
    I notice that you didn't answer my questions about your TechNet Gallery
    contributions.
    If you want to continue this discussion then you can do so over email. My
    email address is pkadare @ gmail.com
    Paul Adare - FIM CM MVP
    "Quoted-Printable: a standard for mangling Internet messages
    Quoted-Unreadable: the result of applying said standard
    Unquoted-Unprintable: the comments from the recipients of the above" -- bf8

  • Slow authentication time for new BM 3.7 Radius server

    Hi,
    We are running BM 3.7 Radius, authentication only, and it works fine on the
    original box. I have to decommission that box and have configured a new server
    to replace it. The problem is on the new server the authentication time goes
    from 1 sec (from request accepted to logging start on the radius screen) to
    20 secs. This is dropping some of our remote clients off. Any idea what is
    the problem?
    Servers are NW 6 Sp3, BM3.7 Sp2.
    I have been searching all day and can't find anything on it.
    many thanks,
    Gawain :)

    Replica placement?
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • Authentication/Time issue

    iTunes U has just started rejecting our authentication credentials, debug shows that the credentials are valid but originated too far in the past. We understand there is a 90 second time window. We seem to be within a few seconds of Apple's time server.
    Bumping the time ahead by one minute on our server allows the scripts to start working... but then fail again (like the next day)
    Is it possible that the server that generates our tokens on Apple's side might be out of phase?
    Any help would be appreciated.
    thanks
    db

    I don't want to rule out the possibility that Apple's clocks are out-of-phase ... but if what you're describing were happening at our site, I would so totally think it a problem with our clocks. The reason is that such a wide variety of computers hook up with Apple ... we probably all sink or swim together on this.
    But hey, let's say there is some kind of problem with Apple's iTunes U clock. A sneaky, sneaky way of fixing it would be to tell your server to use Apple's NTP server as its NTP server. That way, if Apple's clock is wrong, yours will be wrong by the same amount.
    NTP to time.apple.com

  • Prince Of Persia Sands Of Time Detection

    I have an MSI GeForce4 MX440 with AGP 8x 64MB. I just bought Prince of Persia: Sands of Time, and the game is not detecting my graphics card. I've tried installing the latest drivers from MSI, but there is no difference. The game requires a GeForce 3 equivalent card as minimum, so I don't understand why it isn't detecting the gfx card. My system specs are given below. Could someone please please please help me out here.

    Source:
    Your computer must meet or exceed these minimum requirements:
    Operating System: Windows 98 SE/ 2000/ ME/ XP (ONLY)
    Processor: 800 MHz Pentium III or AMD Athlon
    Memory: 256 MB of RAM
    Video Card: 64 MB GeForce 3 or higher, or ATI Radeon 8500 or higher, Matrox Parhelia. (GeForce4 MX not supported)
    Sound Card: DirectX 9.0 or higher compatible sound card
    DirectX: Versions 9.0 or higher (included on game disc)
    Hard Drive Space: 1.5 GB minimum hard drive space
    CD-ROM: 16X or better (not recommended for use with CD-RWs)
    Additional Supported Peripherals: ThrustMaster FIRESTORM Dual Analog 3
    Controls: Windows-compatible keyboard and mouse

  • Password window for authentication times out...

    Hey all, I tried to get some responses on this last year, with no success so I am trying again.
    I have not been able to install software updates for many months. When I select "Install updates", my authentication [password] window pops up. I cannot get a blinking icon in the password window, nor will it let me type. I just get the pinwheel and after about 8 seconds, the window closes.
    I have tried rebooting, booting with startup disc, ctrl + apple + R + P reboot 3 times, etc.
    Was told to install Snow Leopard and so I bought it today. BUT, to install it, yep, I need to enter my password which it will not allow me to do.
    Any help is greatly appreciated!

    Sorry to hear you got no responses, let's see what we can do here now!
    Could be many things, but it's best to start with these two steps, which may fix it also...
    "Try Disk Utility
    1. Insert the Tiger Mac OS X Install disc , then restart the computer while holding the C key.
    2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu. (In Mac OS X 10.4 or later, you must select your language first.)
    Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.
    3. Click the First Aid tab.
    4. Click the disclosure triangle to the left of the hard drive icon to display the names of your hard disk volumes and partitions.
    5. Select your Mac OS X volume.
    6. Click Repair. Disk Utility checks and repairs the disk."
    Then Safe Boot , (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it finishes.
    Safe Boot... holding Shift key down at bootup. Safe Boot is a special way to start Mac OS X 10.2 or later when troubleshooting.
    How do I reset a Mac OS X Keychain Password?...
    http://www.tech-faq.com/reset-mac-os-x-keychain-password.shtml
    http://support.apple.com/kb/HT1631
    Open Keychain Access in Utilities, use Keychain First Aid under the Menu item.
    Resetting your keychain in Mac OS X...
    If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain.
    http://support.apple.com/kb/TS1544
    Drag this file to the desktop and reboot...
    /Users/YourUserName/Library/Preferences/com.apple.keychainaccess.plist
    Mac OS X 10.4: Keychain Access asks for keychain "login" after changing login password...
    http://support.apple.com/kb/HT1631
    Re: Keychain is no longer able to update itself when I upgrade an application...
    http://unsanity.org/archives/2007_01.php
    Posted: Apr 15, 2009 3:18 PM in response to: Andrew Nellis
    I found a solution to my problem via Google: <http://unsanity.org/archives/2007_01.php>. The problem the author describes sounds more or less exactly like the problem I was having. I followed his solution of deleting my var/db/CodeEquivalenceDatabase file, and everything seems to be going smoothly.

  • Performance hit implementing last authentication time (pwdKeepLastAuthTime)

    I have a DSEE 6.1 installation running on Solaris 10.
    There are about 100 users in the directory, but soon to have another 3000 added as it is properly productionized.
    I notice there is a warning that pwdKeepLastAuthTime feature is not activated by default as it adds an update for each successful bind operation.
    I wanted to enable this so set:
    dsconf set-server-prop pwd-keep-last-auth-time-enabled:on
    This has resulted in the db size <instance>/db increasing 100-fold from ~10 MB to ~1 GB.
    The memory size is now at ~800 MB.
    Is this expected behaviour?

    "/opt/ds/db" > ls -l
    total 137126
    -rw------- 1 nobody nobody 24576 Oct 31 09:21 __db.001
    -rw------- 1 nobody nobody 10264576 Nov 13 00:53 __db.002
    -rw------- 1 nobody nobody 41951232 Nov 13 00:53 __db.003
    -rw------- 1 nobody nobody 1572864 Nov 13 00:53 __db.004
    -rw------- 1 nobody nobody 11313152 Nov 13 00:53 __db.005
    -rw------- 1 nobody nobody 65536 Nov 13 00:53 __db.006
    -rw------- 1 nobody nobody 38 May 31 16:16 DBVERSION
    -rw------- 1 nobody nobody 10485760 Nov 13 09:02 log.0000001204
    drwx------ 2 nobody nobody 1536 Sep 6 12:07 zeus
    "/opt/ds/db" > du -sk *
    24 __db.001
    10032 __db.002
    41000 __db.003
    1544 __db.004
    11056 __db.005
    64 __db.006
    1 DBVERSION
    4904 log.0000001204
    1339315 zeus
    "/opt/ds/db/zeus" > ls -l
    total 2678626
    -rw------- 1 nobody nobody 1369350144 Nov 13 09:03 cl5dc_zeus_dc_ghsewn_dc_com463ff1cb000000010000.db3
    -rw------- 1 nobody nobody 38 Jun 1 11:55 DBVERSION
    -rw------- 1 nobody nobody 16384 Jun 21 12:47 zeus_aci.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_ancestorid.db3
    -rw------- 1 nobody nobody 81920 Oct 31 09:37 zeus_cn.db3
    -rw------- 1 nobody nobody 32768 Oct 31 09:37 zeus_entrydn.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_gidnumber.db3
    -rw------- 1 nobody nobody 909312 Nov 13 09:03 zeus_id2entry.db3
    -rw------- 1 nobody nobody 16384 Aug 10 14:52 zeus_nisnetgrouptriple.db3
    -rw------- 1 nobody nobody 16384 Nov 7 09:38 zeus_nscpEntryDN.db3
    -rw------- 1 nobody nobody 16384 Jun 1 11:57 zeus_nsds5ReplConflict.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_nsRoleDN.db3
    -rw------- 1 nobody nobody 40960 Nov 7 09:38 zeus_nsuniqueid.db3
    -rw------- 1 nobody nobody 16384 Jun 13 11:26 zeus_numsubordinates.db3
    -rw------- 1 nobody nobody 24576 Nov 7 09:38 zeus_objectclass.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_parentid.db3
    -rw------- 1 nobody nobody 16384 Nov 11 16:18 zeus_pwdaccountlockedtime.db3
    -rw------- 1 nobody nobody 16384 Nov 12 15:00 zeus_pwdfailuretime.db3
    -rw------- 1 nobody nobody 16384 Nov 9 11:46 zeus_pwdgraceusetime.db3
    -rw------- 1 nobody nobody 16384 Jun 20 16:07 zeus_sn.db3
    -rw------- 1 nobody nobody 16384 Jun 20 09:50 zeus_sudoUser.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_uid.db3
    -rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_uidNumber.db3
    -rw------- 1 nobody nobody 16384 Oct 24 13:03 zeus_vlv#zeusghsewncomgetgrent.db3
    -rw------- 1 nobody nobody 16384 Aug 10 14:52 zeus_vlv#zeusghsewncomgetngrpent.db3
    -rw------- 1 nobody nobody 16384 Nov 13 08:57 zeus_vlv#zeusghsewncomgetpwent.db3
    -rw------- 1 nobody nobody 16384 Nov 13 08:57 zeus_vlv#zeusghsewncomgetspent.db3
    "/opt/ds/db/zeus" > du -sk *
    1337920 cl5dc_zeus_dc_ghsewn_dc_com463ff1cb000000010000.db3
    1 DBVERSION
    16 zeus_aci.db3
    16 zeus_ancestorid.db3
    80 zeus_cn.db3
    32 zeus_entrydn.db3
    16 zeus_gidnumber.db3
    896 zeus_id2entry.db3
    16 zeus_nisnetgrouptriple.db3
    16 zeus_nscpEntryDN.db3
    16 zeus_nsds5ReplConflict.db3
    16 zeus_nsRoleDN.db3
    40 zeus_nsuniqueid.db3
    16 zeus_numsubordinates.db3
    24 zeus_objectclass.db3
    16 zeus_parentid.db3
    16 zeus_pwdaccountlockedtime.db3
    16 zeus_pwdfailuretime.db3
    16 zeus_pwdgraceusetime.db3
    16 zeus_sn.db3
    16 zeus_sudoUser.db3
    16 zeus_uid.db3
    16 zeus_uidNumber.db3
    16 zeus_vlv#zeusghsewncomgetgrent.db3
    16 zeus_vlv#zeusghsewncomgetngrpent.db3
    16 zeus_vlv#zeusghsewncomgetpwent.db3
    16 zeus_vlv#zeusghsewncomgetspent.db3

  • Why can't I use remote router's name for CHAP authentication - ISDN

    Hello there,
    I've got a problem: we have sent an ISDN router to a client, but now it looks like we can't connect to it. It says:
    18w3d: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0555555555
    *Jul 7 07:55:13.735: BR0:1 PPP: Treating connection as a callout
    *Jul 7 07:55:13.735: ISDN BR0: Event: Connected to 0555555555 on B1 at 64 Kb/s
    *Jul 7 07:55:13.739: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x52
    *Jul 7 07:55:13.810: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
    *Jul 7 07:55:14.012: BR0:1 CHAP: I CHALLENGE id 134 len 32 from "router1"
    *Jul 7 07:55:14.016: BR0:1 CHAP: Ignoring Challenge with local name
    18w3d: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0555555555
    *Jul 7 07:55:23.845: BR0:1 CHAP: I CHALLENGE id 135 len 32 from "router1"
    *Jul 7 07:55:23.849: BR0:1 CHAP: Ignoring Challenge with local name
    *Jul 7 07:55:33.860: BR0:1 CHAP: I CHALLENGE id 136 len 32 from "router1"
    *Jul 7 07:55:33.864: BR0:1 CHAP: Ignoring Challenge with local name
    *Jul 7 07:55:43.876: BR0:1 CHAP: I CHALLENGE id 137 len 32 from "router1"
    *Jul 7 07:55:43.880: BR0:1 CHAP: Ignoring Challenge with local name
    *Jul 7 07:55:53.895: BR0:1 CHAP: I CHALLENGE id 138 len 32 from "router1"
    Why does it not allow the connection with the hostname being the router's own? What else can I do to connect to it remotely?
    Thanks,
    Alex

    OK, I understand the problem, and I think I can propose a procedure that will yield a solution. But first I need to know:
    1. Which of the routers do you have access to locally, and do you know all the configured passwords?
    2. On the remote router (the one you do not have physical access to), is it configured in such a way that once you do get the call up and running, you can configure it via telnet?
    3. Do you know the ISDN dialer string to dial from your normally-called to your normally-calling?
    Kevin Dorrell
    Luxembourg

  • L2TP / CHAP Authentication Failure OS X Server Yosemite 10.10.1

    Hello everyone, I saw this problem come up in older versions of Server and solutions revolved around group manager, but it's not available for Yosemite.
    Here is the log I get
    Fri Jan 23 02:05:24 2015 : L2TP incoming call in progress from '192.168.0.13'...
    Fri Jan 23 02:05:24 2015 : L2TP received SCCRQ
    Fri Jan 23 02:05:24 2015 : L2TP sent SCCRP
    Fri Jan 23 02:05:24 2015 : L2TP received SCCCN
    Fri Jan 23 02:05:24 2015 : L2TP received ICRQ
    Fri Jan 23 02:05:24 2015 : L2TP sent ICRP
    Fri Jan 23 02:05:24 2015 : L2TP received ICCN
    Fri Jan 23 02:05:24 2015 : L2TP connection established.
    Fri Jan 23 02:05:24 2015 : using link 0
    Fri Jan 23 02:05:24 2015 : Using interface ppp0
    Fri Jan 23 02:05:24 2015 : Connect: ppp0 <--> socket[34:18]
    Fri Jan 23 02:05:24 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
    Fri Jan 23 02:05:24 2015 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
    Fri Jan 23 02:05:24 2015 : lcp_reqci: returning CONFACK.
    Fri Jan 23 02:05:24 2015 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
    Fri Jan 23 02:05:27 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
    Fri Jan 23 02:05:27 2015 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
    Fri Jan 23 02:05:27 2015 : sent [LCP EchoReq id=0x0 magic=0x359a7585]
    Fri Jan 23 02:05:27 2015 : sent [CHAP Challenge id=0x66 <0e68752c580b611f2a31274224020b62>, name = "Balazs-Toths-MacBook-Pro.local"]
    Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoReq id=0x0 magic=0xd74787e]
    Fri Jan 23 02:05:27 2015 : sent [LCP EchoRep id=0x0 magic=0x359a7585]
    Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoRep id=0x0 magic=0xd74787e]
    Fri Jan 23 02:05:27 2015 : rcvd [CHAP Response id=0x66 <fd352d7f198c134b3a976260b88a9dd70000000000000000eaaf1a981aea56bf7c083a9a2f8935ce580d3b2c532da72700>, name = "testuser"]
    Fri Jan 23 02:05:27 2015 : sent [CHAP Failure id=0x66 ""]
    Fri Jan 23 02:05:27 2015 : CHAP peer authentication failed for testuser
    Fri Jan 23 02:05:27 2015 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Fri Jan 23 02:05:27 2015 : Connection terminated.
    Fri Jan 23 02:05:27 2015 : L2TP disconnecting...
    Fri Jan 23 02:05:27 2015 : L2TP sent CDN
    Fri Jan 23 02:05:27 2015 : L2TP sent StopCCN
    Fri Jan 23 02:05:27 2015 : L2TP disconnected
    2015-01-23 02:05:27 CET       --> Client with address = 192.168.1.1 has hungup
    I get the same error when trying to log in with the admin.
    All help is appreciated!
    Thank you

    When using klist, do you get an entry where the principal starts with imap?
    In Server.app, what authentication option(s) do you have selected for Mail?
    Tim
    p.s., I see I was wrong and you actually had commented on another thread. Please start a new thread for your situation.

  • Forcing successful chap authentication for old tacacs users

    We have an NT4.0 tacacs+ ACS server that we want to turn off, permitting connections with blank usernames and passwords (or fictitious ones). Our clients actually connect to us via PPP/ISDN with a username/password pair, in CHAP. Is it possible to disable PPP CHAP processing on our IOS 12.2 3600, forcing an always-true auth? The command "aaa authentication ppp default none" permits Windows RAS users to authenticate with every username/password, but Cisco users cannot complete the PPP LCP phase.

    Pierluigi
    I am not understanding your problem well. If you do not want to authenticate, then it seems that aaa authentication ppp default none should achieve that, unless you have configured some different authentication method for your PPP. Perhaps if you post the configuration of the router we might be better able to identify the issue.
    It might also be helpful to have the output of debug ppp negotiation and debug ppp authenticat.
    HTH
    Rick

  • ISE 1.2 Authentication Failures at First time Connection

    Hi,
    I have a problem with ISE 1.2 when trying to authenticate an end-device for the first time; this device might be either a workstation or an IP phone or a printer, etc. It fails or stays in running mode. The result is the same: it cannot access the network. Hopefully I'm still in open mode :)
    As I described in the beginning, everything has status Running or Authz Failed, and after a period of time, usually one day, it finally succeeds.
    This happens mostly for workstations and printers, but the phones do not have the same behavior. I unplug/plug the phones or I shut/no shut the ports in order to trigger it to succeed. For some phones it worked, but others obstinately declined.
    The phones, which are not Cisco phones, authenticate with MD5 (a simple username and password); I think the problem should not be related to the auth protocol.
    Below are some logs from one phone. Coming to a short conclusion, for me this must be related to the switches, which are 3750E (15.02 SE 4 IOS),
    or to ISE itself, because I have almost the same behavior for all end-devices.
    I kindly await your comments...
    2169669: Apr 16 18:02:20.573 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
    2169670: Apr 16 18:02:20.783 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
    2169671: Apr 16 18:02:20.791 EEST: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
    S301#
    2169672: Apr 16 18:02:20.992 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5F0855DE0EF
    2169673: Apr 16 18:02:21.580 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
    S301#
    2169674: Apr 16 18:02:24.289 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
    S301#
    2169675: Apr 16 18:02:25.288 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to down
    2169676: Apr 16 18:02:26.269 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169677: Apr 16 18:02:26.294 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169678: Apr 16 18:02:26.294 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169679: Apr 16 18:02:26.303 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169680: Apr 16 18:02:26.303 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169681: Apr 16 18:02:26.319 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169682: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169683: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169684: Apr 16 18:02:26.319 EEST: %AUTHMGR-5-START: Starting 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169685: Apr 16 18:02:26.328 EEST: %MAB-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169686: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169687: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    2169688: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    S301#
    2169689: Apr 16 18:02:26.336 EEST: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
    S301#
    2169690: Apr 16 18:02:27.737 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
    2169691: Apr 16 18:02:28.744 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
    Regards
    T.C

    I'm not using an authentication method with certificates for any end-devices.
    Workstations use the Windows default authentication protocol, EAP/MSCHAPv2.
    In front of them there are non-Cisco IP phones with auth. method EAP/MD5.
    Finally, I also have some printers, again with option EAP/MD5.
    For all of these devices I observed the same behavior: after many hours they finally authenticated with ISE. But is this the expected behavior?
    What I understand is that if the devices finally authenticated, then it means that there isn't anything wrong with the method.
    There are 3 points I don't understand:
    Why is there so much delay for all devices to authenticate?
    Why do some devices, mostly IP phones (not all), continue to fail the authentication method? All my devices are identical, with the same software/patch, same model, etc.
    I have noticed that randomly some devices succeed one moment and fail the next moment.
    So to my understanding there is an abnormal behavior, and I cannot find the way/pattern to correct it or to understand the reason :)
    Port config:
     switchport access vlan xxx
     switchport mode access
     switchport voice vlan yyy
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan xxx
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     no cdp enable
     spanning-tree portfast
    Result template:
    Switch#sh auth sess int g1/0/46
                Interface:  GigabitEthernet1/0/46
              MAC Address:  xxxx.xxxx.xxxx
               IP Address:  xx.xxx.xx.xxx
                User-Name:  xxxxxxxxxxxx
                   Status:  Authz Failed
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-domain
         Oper control dir:  both
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A114D0A00001972016208E1
          Acct Session ID:  0x00001BB7
                   Handle:  0x6D0009B6
    Runnable methods list:
           Method   State
           dot1x    Failed over
           mab      Failed over

  • Real time threat detection

    Hello,
    To make real time detection more effective,
    how to find the Cisco device alert pattern for real time detection of attack?
    For example, SQL slammer worm, Cisco IDS will fire its related/specific signature. For any Trojan activity IDS will fire specific signature.
    But how to find a signature pattern, or packet pattern, for session hijack, IP spoofing and other IP-based attacks? (not related to applications)
    Is there any knowledge source, which can show traffic/packet pattern generated by IP based attacks/protocol behavior in attack? What kind of alerts for what kind of attack, sequence of alerts, etc.
    I am using netForensics for real time threat detection; I want to make some rules which will match the IP behavior/IDS signature generation pattern in progressing attack.
    I am looking for such kind of knowledge base, if any one have experience in this please help me out.
    Regards
    Kapish

    hi, that was a cool link.
    But it didn't show any information on attack progress, stages of attack and the alert pattern that a normal Cisco IDS will generate for the same.
    I am looking for deep analytical information, which will show me how to correlate alerts manually. I am using netForensics, I want to make rules in it for IDS and PIX using my understanding to find attack at its point of progress.
    regards
    Kapish

  • VPN - CHAP authentication failed

    I am currently running a Mac mini server with 10.8.2 installed. I can connect to my VPN when connected to the internal network with the same credentials I'm trying when connecting externally, however I am not able to connect externally. The VPN server log says...
    Wed Jan  9 19:05:45 2013 : PPTP incoming call in progress from 'XXX.XXX.XXX.XXX'...
    Wed Jan  9 19:05:45 2013 : PPTP connection established.
    Wed Jan  9 19:05:45 2013 : using link 0
    Wed Jan  9 19:05:45 2013 : Using interface ppp0
    Wed Jan  9 19:05:45 2013 : Connect: ppp0 <--> socket[34:17]
    Wed Jan  9 19:05:45 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
    Wed Jan  9 19:05:45 2013 : rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
    Wed Jan  9 19:05:45 2013 : lcp_reqci: returning CONFACK.
    Wed Jan  9 19:05:45 2013 : sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x41729571]
    Wed Jan  9 19:05:48 2013 : sent [CHAP Challenge id=0xcc <1b0470764c2477634532244f7056405b>, name = "server.robertsteeter.private"]
    Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : lcp_reqci: returning CONFACK.
    Wed Jan  9 19:05:48 2013 : sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
    Wed Jan  9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x772dcec9]
    Wed Jan  9 19:05:48 2013 : sent [CHAP Challenge id=0x6a <65334e292e400860457a3e710278142e>, name = "server.robertsteeter.private"]
    Wed Jan  9 19:05:48 2013 : rcvd [LCP EchoRep id=0x0 magic=0x5fbceae0]
    Wed Jan  9 19:05:48 2013 : rcvd [CHAP Response id=0x6a <3c2c0bb90568f62f5ada84294038e828000000000000000032bf450620bf278e54e8d70b5ed48a4a5567f528df9194bd00>, name = "matt"]
    Wed Jan  9 19:05:48 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PBKDF2>, want ApplePasswordServer
    Wed Jan  9 19:05:48 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
    Wed Jan  9 19:05:48 2013 : sent [CHAP Failure id=0x6a "S=D43D9FBA673744184953601DBB181A5E9B2FF9C9 M=Access granted"]
    Wed Jan  9 19:05:48 2013 : CHAP peer authentication failed for matt
    Wed Jan  9 19:05:48 2013 : sent [LCP TermReq id=0x3 "Authentication failed"]
    Wed Jan  9 19:05:48 2013 : Connection terminated.
    Wed Jan  9 19:05:48 2013 : PPTP disconnecting...
    Wed Jan  9 19:05:48 2013 : PPTP disconnected
    2013-01-09 19:05:48 EST    --> Client with address = 192.168.100.241 has hungup
    Not sure what the issue is, however I'm sure I have the username/password and shared secret all correct since I can connect internally. Any suggestions?

    I have a similar problem:
    OS X Server 10.3.9 running on a G3; clients running OS X 10.4.8.
    I used Server Admin to set up the server with L2TP and set the shared secret[1]; I used Internet Connect to try to get a client to connect to the server. The result is always the same: The client says "Authentication Failed" and the server's logs record the conversation (Here's the relevant part):
    ...Tue Jan 16 15:55:08 2007 : sent [CHAP Challenge id=0x1 <c9af9d6375c13e5657d49c44c6ab8259>, name = "inside"]
    Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoReq id=0x0 magic=0x9101c22f]
    Tue Jan 16 15:55:08 2007 : sent [LCP EchoRep id=0x0 magic=0xf01aa2]
    Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9101c22f]
    Tue Jan 16 15:55:08 2007 : rcvd [CHAP Response id=0x1 <f27c5a611e1e9cf68c17d04d37448b6d00000000000000000f035bba35b5a714589e7292c1fba078d57fb3640b62a08e00>, name = "timberwoof"]
    Tue Jan 16 15:55:08 2007 : sent [CHAP Failure id=0x1 "E=691 R=1 C=C9AF9D6375C13E5657D49C44C6AB8259 V=0 M=Access denied."]
    Tue Jan 16 15:55:08 2007 : CHAP peer authentication failed for remote host timberwoof
    Tue Jan 16 15:55:08 2007 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Tue Jan 16 15:55:08 2007 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
    The user 'timberwoof' exists on the server. I tried changing the password type to Advanced, but there's a catch-22 situation: no user is set up with an Advanced password, and it can only be changed to that by a user using an Advanced password.
    [1] Has anyone else noticed that the dialog box for setting this in Server Admin 10.4.7 is broken? It always forgets the shared secret and then complains that none has been entered.
