06-10-2011 06:28 AM - edited 03-10-2019 06:09 PM
Folks,
I have an issue with an implementation, I had a ACS R5.1 that I'm using to authenticate the wireless users with 802.1x, that's OK and working fine. Now I want to use the same ACS to authenticate wired users using MAB (for IP phones, printers, servers, and other devices) and 802.1x (for corporate users). I already configured the authentication services (MAB and 802.1x) on ACS, but when I'm doing tests I can see that for example the phones are trying to authenticate using the 802.1x rules of wireless connection, not using the MAB rules.
Below you could see my switch configuration related to authentication.
switchport access vlan 2011
switchport mode access
switchport voice vlan 2111
ip access-group PRE-AUTH in
authentication event fail action authorize vlan 2211
authentication event no-response action authorize vlan 2211
authentication host-mode multi-domain
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-reauth-req 1
You could also see an screen from the ACS in the attached file. On the picture remark you could see a IP Phone trying to authenticate using the wireless Access Services insted of using MAB.
Any help would be apreciated.
Regards,
Luis F. Martinez
06-10-2011 07:56 AM
Can you share the service selection rules you have defined
Also the RADIUS attributes in the wireless and MAB requests.
select: Monitoring and reports -> Launch Monitoring & Report Viewer
and then select Authentications -> RADIUS today
You should see a list of the requests including the ones you had tried. In the details column click on the icon and you will see the details of your RADIUS request. This includes the list of RADIUS attributes received.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide