10-31-2013 10:05 PM - edited 03-10-2019 09:03 PM
Hi all,
Does anyone know why I am having troubles with Juniper SRX240 on ACS 5.4? It's not behaving like the rest of my Cisco kit.
The good:
AAA - ACS working OK for all switches/routers/firewall etc using TACACS+.
Dot1x - phones, printer, and PC supplicants are all good using RADIUS on Cisco 3750s and 6509s.
Juniper - All devices working great with no Dot1x config. PCs hanging off 797x phones. Phones all registered and UP on voice vlan.
The bad:
Juniper - Dot1x configured and ACS Monitoring and Reports tool shows GREEN entry and says all good! But devices can't get a link.
Am I missing a custom attribute on ACS for the Juniper sessions?
I had to enter these two to get TACACS working properly for the Juniper box
- vsys mandatory root
- privilege mandatory root
Maybe I need something similar for RADIUS authorisations for supplicant devices too, I don't know!
Also, do I need another Policy Element > Authorisation Profile on my ACS like the "cisco-av-pair device-traffic-class=voice", but an equivalent Juniper one to allow voice-vlan access?
Any help appreciated,
Paul
11-05-2013 05:46 PM
Kindly go through the links; they may help you with your issues, as every kind of solution is there on ACS and Juniper.
11-06-2013 01:51 PM
Hi,
Yep, I started there but had no luck and tried here. BigResource is usually a great site, I use it all the time, but I can't seem to find any help on ACS authenticating dot1x supplicants, but Juniper SRX still denying access.
But thanks anyway for the suggestion Lenka.
Paul