08-08-2011 05:41 AM - edited 03-10-2019 06:17 PM
Hi
I'm trying to set up 802.1x with ACS 5.2 but am struggling, as it's very different to ACS 4.2.
I have set up the ACS to be the domain and think I have set up the External Identity Store; however, when I try to authenticate a PC using authentication method 'PEAP (EAP-MSCHAPv2)', I get a failure reason '22056 Subject not found in the applicable identity store'.
Marco
08-09-2011 10:35 AM
Hi Marco,
I guess you've missed a mapping configuration in the Access Policy section.
Create an Access Service, name it AS-802.1x, select User Select Service Type and select Network Access. Select the Policy Structure Identity and Authorization. Select PEAP as the allowed protocol. Click Finish.
You'll see the new service; click Identity.
Select the identity source you've created, then save.
Click on Authorization.
Select a default authorization rule, Permit Access, and save.
Create a Service Access Rule and name it 802.1x.
Select Protocol Radius as Condition and, as Compound Condition, select RADIUS-IETF:Service-Type match Framed, then select the service you created before.
Then you can try again.
regards
alex
08-10-2011 01:10 AM
Alex
Thanks. That is what I was missing.
Found another link on there that was having the same problem.
Document is located here:
https://supportforums.cisco.com/docs/DOC-13545, though I'm not sure if you can download it properly, but if you do a Google search for the document name, you can then download it from there.