
ACS 5.3 Configuring 802.1x

I'm trying to configure 802.1x with ACS 5.3 and have some general doubts about how to do it. This is what I have for the moment:

ACS 5.3 = 192.168.240.28

AD = 192.168.251.97

Switch = 192.168.240.171

IOS device config

Already configured and running Device Administration using Tacacs, mising with Radius aaa commands:

aaa group server tacacs+ TACACS_PLUS
 server 192.168.240.28
!
aaa group server radius RADIUS_1x
 server 192.168.240.28 auth-port 1812 acct-port 1813
!
aaa authentication login default group TACACS_PLUS
aaa authentication login no_tacacs enable local
aaa authentication enable default group RADIUS_1x
aaa authentication dot1x default group RADIUS_1x
aaa authorization config-commands
aaa authorization exec no_tacacs local
aaa authorization commands 15 TACACS_PLUS group tacacs+
aaa authorization network default group RADIUS_1x
aaa authorization auth-proxy default group RADIUS_1x
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting dot1x default start-stop group RADIUS_1x
aaa accounting exec default start-stop group TACACS_PLUS
aaa accounting network default start-stop group TACACS_PLUS
aaa accounting connection default start-stop group TACACS_PLUS
aaa accounting system default start-stop group RADIUS_1x
!
tacacs-server host 192.168.240.28 port 49 key 7 104D0617040717180F05
tacacs-server directed-request
radius-server attribute 8 include-in-access-req
radius-server host 192.168.240.28 auth-port 1812 acct-port 1813
radius-server timeout 20
radius-server key 7 094F410718151201080D
radius-server vsa send authentication
!
dot1x system-auth-control
!
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
!
interface GigabitEthernet0/24
 switchport mode access
 switchport voice vlan 7
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout quiet-period 15
 spanning-tree portfast
 spanning-tree bpduguard enable

ACS 5.3 Configuration until now

[Screenshots of the ACS 5.3 configuration: 2.jpg, 3.jpg, 4.jpg, 5.jpg, 6.jpg, 7.jpg]

I have a document on how to configure this on ACS 4.2, but I have some problems trying to configure on ACS 5.3.

I'd greatly appreciate any ideas that could help me with this.

Regards,

Juan Carlos

15 Replies

Carlos, thanks for your time; I appreciate all your comments.

Regards,

Juan Carlos Arias