dot1x/ACS3.0/RSA ACE server 5.0

orbana
Level 1

Hi,

I tried to configure dot1x (cat6500) with ACS 3.0 and RSA ACE server. In the first step, when I configured a static password in ACS, everything was OK, but when I changed to the external user database I got an error: "Auth type not supported by External DB".

Does anyone know why?

Thanks,

Accepted Solutions

gfullage
Cisco Employee

The dot1x supplicant on the PC will use Extensible Authentication Protocol (EAP) authentication to send the username/password. This authentication method cannot be used with an external RSA database; RSA has to use PAP authentication, which sends the password in the clear (which is OK because it's a one-time password).

See http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/o.htm#625794 for details on the external DBs and password protocols. Notice how all the one-time password databases can only use PAP.
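An added illustration of the point in the answer above (not part of the original posts and not ACS or RSA code): over RADIUS, a PAP password is hidden reversibly with the shared secret (RFC 2865), so the AAA server can recover the one-time passcode and hand it to the token server, while an MD5 challenge-response (RFC 1994, used here as one instance of an EAP method) delivers only a digest. `TokenServer`, `authenticate` and all sample values are hypothetical, and the sketch assumes the token server only offers a "check this passcode" interface.

```python
import hashlib

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding (reversible with the secret)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a 16-octet multiple
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the AAA server does on receipt: undo the hiding, get the passcode."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def md5_challenge_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP / EAP-MD5 response: a one-way digest, not the password."""
    return _md5(bytes([ident]), password, challenge)

class TokenServer:
    """Constructed stand-in for an external one-time-password database.
    Assumption: it only answers 'is this passcode valid now?'."""
    def __init__(self, current_passcode: bytes):
        self._current = current_passcode
    def check(self, passcode: bytes) -> bool:
        return passcode == self._current

def authenticate(method, payload, token_server, secret=b"", authenticator=b""):
    """Hypothetical AAA-side dispatch for users held in the external database."""
    if method == "PAP":
        return token_server.check(pap_recover(payload, secret, authenticator))
    # A digest can only be verified by recomputing it from the password,
    # which the AAA server never holds for token users.
    raise ValueError("Auth type not supported by External DB")
```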

Thanks a lot. I've left EAP completely out of consideration.