
Problems with 802.1x,ACS and Windows Server 2000

AndreasWeller
Level 1

Hi,

My components: ACS 3.3 running on a server with Windows 2000 Server SP4, 2950 Catalyst (AAA-Client), laptop with Windows XP SP2 (802.1x Client)

I have everything configured according to Cisco documentation, but I am getting one error in the ACS's log (Failed Attempts active.csv):

Authen-Failure-Code : EAP-TLS or PEAP authentication failed during SSL handshake

I have a valid certificate on my Radius (ACS) server and, regarding machine authentication, I have a valid certificate on my laptop. (I installed this certificate before I started to log in at the 802.1x port of the switch.)

Does anyone have any idea what the problem is?

Here is the Config of the Catalyst 2950 if that will help:

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ACS-Client1
!
aaa new-model
aaa authentication dot1x default group radius
enable secret xxxx
!
username xxxx privilege xxx password xxx
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
!
interface FastEthernet0/13
 switchport mode access
 dot1x port-control auto
 dot1x timeout quiet-period 3
 dot1x timeout reauth-period 1
 dot1x reauthentication
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.10.3.253 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.3.254
ip http server
radius-server host 10.10.3.1 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key radius
!
line con 0
 password xxx
line vty 0 4
 password xxx
line vty 5 15
 password xxx
!
!
end

3 Replies

mariocabrejo
Level 1

I ran into the same issue, but with a Cat3550 instead and without certificates. Can anybody give any input?

Thanks

Rutger Blom
Level 1

Did you get to solve this problem? I'm having the exact same problem.

Regards,

Rutger

Yes, we solved this problem. Because it is only a test scenario, we installed everything new: Win2000 Server SP4, the certificate service and WinXP on the client.

The config of the switch is OK; we set the reauth-period and quiet-period to default.

Then we tested the whole configuration with the IAS-Radius (MS). After this we installed the ACS, following this document (certificates were already installed):

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

Attention: we used the AEGIS Client, not the XP Client!