ACS with Dynamic VLAN which protocol to use ??

tyagi.v · ‎10-27-2006

Hello,

Which Protocol do I need to use, for providing dynamic VLAN to my desktop machines?

As in ACS 4.0 if I use local database of ACS then users successfully get the dynamic VLAN & as soon I use AD database while integration it with ACS ,the authentication fails!!

Please help.

Jagdeep Gambhir · ‎10-28-2006

Hi,

What is the error message you are getting on acs failed attempts ? It seems to be a group mapping issue.

You need to use Radius IETF/MS-Chap v2.

Regards,

tyagi.v · ‎10-28-2006

Hi,

Thanks for the reply. I am using EAP-MD5.

However, the problem is if I am using ACS solution Engine local database, users are getting dynamic VLAN after authentication.

But when I use AD as user database, the authentication fails. Even strange thing is that if I use AD database to log in to any Cisco Router then the authentication is working fine.

Even I am struggling with TAC also from last week in two different cases! However, they are unable to help! I found TAC has limited resource for ACS.

So please suggest what to do as on Cisco site, I found lots of stuff for Wireless but I have only the desktops (no wireless).

So will the mention below URL be of any help?

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a18.shtml

Thanks in advance

Vijay

Jagdeep Gambhir · ‎10-30-2006

Hi Vijay,

EAP-MD-5 is not supported with AD. Check out this link,

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm#wp623289

Also let me know if you have any other issues with ACS. I don't think TAC has limited resorces on ACS.

Thanks,