Solved: Hi Neno, yes you are correct,

marioderosa2008 · ‎11-04-2014

Hi all,

I have defined an AuthC policy which is very similar to two other policies which work fine.

The condition is ONLY based on the NAS IP and once that is matched, the only protocol allowed is PAP and that the Internal Users DB should be consulted for the user.

Only thing is that when the RADIUS authentication request comes in, it does not match the policy I have created and matches the defaul Deny Access rule.

Attached are screenshots of what I have configured. If there is anything else that you may need me to tell you to help me troubleshoot this then let me know.

I thought it may be an issue with using the Internal User store, so instead I changed it to "AD1" which then makes it exactly the same as the other rules that work fine, but this rule still will not match.

I think this is another bug.

Any advice greatly appreciated thanks!

Mario De Rosa

nspasov · ‎11-04-2014

Hello Mario-

Looking at the logs, the session is not using PAP/ASCII but instead it is using "dot1x" What type of scenario are you doing here?

Thank you for rating helpful posts!

View solution in original post

nspasov · ‎11-04-2014

Hello Mario-

Looking at the logs, the session is not using PAP/ASCII but instead it is using "dot1x" What type of scenario are you doing here?

Thank you for rating helpful posts!

marioderosa2008 · ‎11-06-2014

Hi Neno,

yes you are correct, it was because I did not allow 802.1x in the Authentication policy.

The scenario is that we have a 3g mobile network and we are setting up RADIUS authentication for the 3g routers as they log in to the 3g cloud.

Thanks

Mario

nspasov · ‎11-06-2014

Cool. Glad your issue is solved!

Wierd Problem with Cisco ISE AuthC policy