10-21-2012 08:17 AM - edited 03-10-2019 07:42 PM
with acs 4.2 installed in my network, PEAP, EAP-TLS, md5... authentications work normally. But Mac-Based-Authentication doesnt work at all. i tested every thing but no luck .
This is what i have setup on Swith for MAB:
aaa new-model
aaa authentication login default none
aaa authentication dot1x default group radius
radius-server host 192.168.2.16 auth-port 1645 acct-port 1646 key cisco
!
dot1x system-auth-control
!
interface FastEthernet0/1
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x mac-auth-bypass
On ACS server, i created Netword-Profile for MAB, i added those Agentless hosts mac-adds, Even i created User-Name&password by those Agentless hosts mac-adds on acs, ..... still nothing seems to be working. i have selected ACS_Internal-Database for mac authentication.
On ACS while i check the Failed-attempt log, nothing is logged there. i dont know where is the issue.
Please tell me where im wrong on my config?
05-23-2014 04:06 AM
Troubleshooting guide here
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/Ch2.html
05-23-2014 04:39 AM
check the following guides for references
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99449-acsfolder-error.html
http://www.techsuite.net/bonnet3/wireless/cisco_eap_deployment_guide.pdf
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/ecodes.html
05-23-2014 12:21 PM
You need to enter "mab" under the interface configuration. That will allow mab based authentications on the interface. Please note that the 802.1x timer and re-tries would have to time out before mab occurs. If you are still having problems please past the output of this command:
show authentication session interface interface_name_address
For more info on MAB you can take a look at the following guide:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide