This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am having difficulties implementing Mac-auth on selected ports between an HP ProCurve 2510 and Cisco ACS 5.3.The 802.1x works just fine, but for selected ports I need to implement port-access with MAC-based authentication instead of regular 802.1X (yeah, I know, but this line of ProCurve switches only support one auth-mechanism per port!).
The switch successfully forwards interesting MAC-auth requests for authentication to the ACS with CHAP/MD5, but the ACS reports this:
April 16,2012 1:20:48.080 PM
|Authentication failed : 22056 Subject not found in the applicable identity store(s).|
|HP2510 : 192.168.0.51 : 5|
|MAB Access Service|
CTS Security Group:
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - MAB Access Service
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store -
22043 Current Identity Store does not support the authentication method; Skipping it.
22056 Subject not found in the applicable identity store(s).
22058 The advanced option that is configured for an unknown user is used.
22061 The 'Reject' advanced option is configured in case of a failed authentication request.
11003 Returned RADIUS Access-Reject
The ACS is configured to use the Internal Hosts database, where the client computer is configured like this;
Anyone encountered this, or has any suggestions?
host-lookup ist already activated.. the Problem is the Switch.. the switch is sending CHA/MD5 pakets to the acs...
i installed a newer firmware on my hp switches and now it works