AAA Protocol > RADIUS Authentication Detail

ACS
session ID he2tacs01/184954131/3
:
Date :
March 23, 2014
Generated on March 23, 2014 11:05:15 AM EDT

Authentication Summary
Logged At:
RADIUS Status:
NAS Failure:
Username:
MAC/IP Address:
Network Device:
Access Service:
Identity Store:
Authorization Profiles:
CTS Security Group:
Authentication Method:

Actions

Mar 23,14 9:31:14.710 AM

Authentication succeeded
rajivtest
D4-BE-D9-0F-B3-A7
switch:172.26.104.1:GigabitEthernet0/8
Default Network Access

Troubleshoot Authentication
View Diagnostic Messages

Audit Network Device Configuration

View Network Device Configuration
View ACS Configuration Changes

Permit Access
x509_PKI

Authentication Result
User-Name=rajivtest
Class=CACS:he2tacs01/184954131/3
EAP-Key-Name=0d:53:2e:5c:d0:7a:07:ee:9e:3d:6c:d7:cf:e1:cf:0d:8d:bf:85:90:ee:9a:03:6e:14:4e:b3:54:2b:b5:3a:b5:26:53:2e:e2:1f:2e:da:8b:80:00:f6:72:e4:4d:00:
45:27:71:e5:02:0d:d7:de:06:bc:87:6c:0d:6a:46:07:1b:a2

Session Events
Radius authentication passed for USER: rajivtest MAC: D4-BE-D9-0F-B3
-A7 AUTHTYPE:

Mar 23,14 9:31:14.710 AM

Authentication Details
Logged At:
ACS Time:
ACS Instance:
Authentication Method:
EAP Authentication
Method :
EAP Tunnel Method :

Mar 23,14 9:31:14.710 AM

Mar 23,14 9:31:14.696 AM
he2tacs01
x509_PKI
EAP-TLS

User

ACS Username:
RADIUS Username :
Calling Station ID:
Framed IP Address:
Host Lookup:

rajivtest
rajivtest
D4-BE-D9-0F-B3-A7

Network Device

Network Device:
Network Device
Groups:
NAS IP Address:
NAS Identifier:
NAS Port:
NAS Port ID:
NAS Port Type:

switch
Device Type:All Device Types
Location:All Locations
172.26.104.1
50008
GigabitEthernet0/8
Ethernet

Access Policy

Access Service:
Default Network Access
Identity Store:
Authorization Profiles: Permit Access
Exception
Authorization Profiles:
Active Directory
Domain:
Identity Group:

Radius authentication passed

Access Service
Selection Matched Rule Rule-1
:
Identity Policy Matched
Default
Rule:
Selected Identity Stores
:
Query Identity Stores:
Selected Query Identity
Stores:
Group Mapping Policy
Matched Rule:
Authorization Policy
Default
Matched Rule:
Authorization
Exception Policy
Matched Rule:
CTS

CTS Security Group:

Other

ACS Session ID:

Audit Session ID:
Tunnel Details:
H323 Attributes:
SSG Attributes:
Cisco-AVPairs:

Other Attributes:

he2tacs01/184954131/3

ACSVersion=acs-5.5.0.46-B.723
ConfigVersionId=12
Protocol=Radius
Service-Type=Framed
Framed-MTU=1500
State=31SessionID=he2tacs01/184954131/3;
Called-Station-ID=00-14-A8-6B-68-08
Device IP Address=172.26.104.1

Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Default Network Access
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
12625 Valid EAP-Key-Name attribute received.
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12809 Prepared TLS CertificateRequest message.
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response

12505 Prepared EAP-Request with another EAP-TLS challenge

11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12571 ACS will continue to CRL verification if it is configured for specific CA
12571 ACS will continue to CRL verification if it is configured for specific CA
12811 Extracted TLS Certificate message containing client certificate.
12812 Extracted TLS ClientKeyExchange message.
12813 Extracted TLS CertificateVerify message.
12804 Extracted TLS Finished message.
12801 Prepared TLS ChangeCipherSpec message.
12802 Prepared TLS Finished message.
12816 TLS handshake succeeded.
12509 EAP-TLS full handshake finished successfully
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
Evaluating Identity Policy
15006 Matched Default Rule
22037 Authentication Passed
Evaluating Group Mapping Policy
12506 EAP-TLS authentication succeeded
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - Permit Access
22065 Max sessions policy passed
22064 New accounting session created in Session cache
11503 Prepared EAP-Success
11002 Returned RADIUS Access-Accept