ACS 5.1 - Access Services Issues

luisfernandomartinez · ‎06-10-2011

Folks,

I have an issue with an implementation, I had a ACS R5.1 that I'm using to authenticate the wireless users with 802.1x, that's OK and working fine. Now I want to use the same ACS to authenticate wired users using MAB (for IP phones, printers, servers, and other devices) and 802.1x (for corporate users). I already configured the authentication services (MAB and 802.1x) on ACS, but when I'm doing tests I can see that for example the phones are trying to authenticate using the 802.1x rules of wireless connection, not using the MAB rules.

Below you could see my switch configuration related to authentication.

switchport access vlan 2011

switchport mode access

switchport voice vlan 2111

ip access-group PRE-AUTH in

authentication event fail action authorize vlan 2211

authentication event no-response action authorize vlan 2211

authentication host-mode multi-domain

authentication port-control auto

mab

dot1x pae authenticator

dot1x timeout tx-period 5

dot1x max-reauth-req 1

You could also see an screen from the ACS in the attached file. On the picture remark you could see a IP Phone trying to authenticate using the wireless Access Services insted of using MAB.

Any help would be apreciated.

Regards,

Luis F. Martinez

jrabinow · ‎06-10-2011

Can you share the service selection rules you have defined

Also the RADIUS attributes in the wireless and MAB requests.

select: Monitoring and reports -> Launch Monitoring & Report Viewer

and then select Authentications -> RADIUS today

You should see a list of the requests including the ones you had tried. In the details column click on the icon and you will see the details of your RADIUS request. This includes the list of RADIUS attributes received.