Hello,
I am having problem with 802.1x MAB authentication on ESW 520 switch, the authentication server is ACS 5.3.
The Authentication method on ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When i plug ip phone it never authenticate the phone, and on ACS I get following error message:
Radius authentication failed for USER: aa1effbb8fd4 MAC: aa-1E-FF-bb-8F-D4 AUTHTYPE: Radius authentication failed
!
RADIUS Status:Authentication failed : 11509 Access Service does not allow any EAP protocols
------
15004 Matched rule
15012 Selected Access Service - MAB
11507 Extracted EAP-Response/Identity
11509 Access Service does not allow any EAP protocols
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
For that Access Service I have configured only Host Lookup.
The same ACS configuration is working perfectly on Catalyst 3560G switche.
It seems that ESW switch is not telling ACS that authentication is going to be by MAC address.
Do you have any idea what can be the problem.