Hey!
I am having difficulties implementing Mac-auth on selected ports between an HP ProCurve 2510 and Cisco ACS 5.3.The 802.1x works just fine, but for selected ports I need to implement port-access with MAC-based authentication instead of regular 802.1X (yeah, I know, but this line of ProCurve switches only support one auth-mechanism per port!).
The switch successfully forwards interesting MAC-auth requests for authentication to the ACS with CHAP/MD5, but the ACS reports this:
Evaluating Service Selection Policy |
15004 Matched rule |
15012 Selected Access Service - MAB Access Service |
Evaluating Identity Policy |
15006 Matched Default Rule |
15013 Selected Identity Store - |
22043 Current Identity Store does not support the authentication method; Skipping it. |
22056 Subject not found in the applicable identity store(s). |
22058 The advanced option that is configured for an unknown user is used. |
22061 The 'Reject' advanced option is configured in case of a failed authentication request. |
11003 Returned RADIUS Access-Reject |
The ACS is configured to use the Internal Hosts database, where the client computer is configured like this;
MAC-address: 00-26-55-88-6B-3D
Anyone encountered this, or has any suggestions?