Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1970
Views
0
Helpful
1
Replies

PEAP with ACS 3.1 for "Port Based Network Access Control"

ak1819
Level 1
Level 1

‎02-07-2003 07:35 AM - edited ‎03-10-2019 07:08 AM

Hi

I'am try to Implement "Port Based Network Access Control" with PEAP (not with Wireless):

Environment:

XP Client (PEAP & Ca)

Catalyst 2948G Version 7.4.3 (inkl. setup for 802.1x)

ACS 3.1 (with Server-Certificate & Radius IETF & External Databes LDAP config)

The ACS is logging the Request with this fault:

Message-Type: "Bad request from NAS"

Authen-Failure-Code: "Invalid message authenticator in EAP request"

Maybe some person have knowledge of this Message.....?

Thank's

Urs

Labels:
0 Helpful
1 Reply 1

jcosgrove
Level 1
Level 1

‎02-12-2003 05:30 AM

I have been working on this as well. It turns out that Microsofts implementation changed from when cisco first set up the ACS 3.1 and now it will not work till ACS 3.2 comes out. There is not very much documentation on the Cisco website reguarding these problems but I ended up opening a case with TAC and found out I was doing everything right but the ACS and Microsoft were incompatable. From what I understand you can wait for ACS 3.2 (around May) or get an advanced copy of Windows 2003 server and run the Microsoft radius server and this should work. I have not tried the MS radius server. I am waiting for ACS 3.2. If you want to do some testing load the Cisco Aironet Client utility on your Client computer(I know you are not doing wireless). This will overwrite the MS parts of PEAP with the cisco peap and will work with ACS 3.1. The only drawback is you will have a 2 step login. This solution does not hook into the MS login so you have to login twice.

0 Helpful
Customers Also Viewed These Support Documents