cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3570
Views
1
Helpful
11
Replies
Beginner

ACS 5.1 Radius device administration error 11033

Hello,

I'm trying to configure ACS 5.1 as radius server for a catalyst switch but i can't make it work.

I keep on getting the "11033 Selected Service type is not Network Access" error message.

Tacacs works fine but radius does not.

Does anybody have a sample device administration config to use with RADIUS?

It seem the service type does not work with radius in this scenario ( radius + device admin).

Regards,

Thibault.

Everyone's tags (5)
11 REPLIES 11
Highlighted
Enthusiast

Re: ACS 5.1 Radius device administration error 11033

The default access policy for RADIUS on ACS 5.1 is for network access, and you are trying to authenticate an interactice login. You need to create a new access policy, using RADIUS, and choose the correct login type.

Highlighted
Beginner

Re: ACS 5.1 Radius device administration error 11033

Hello,

I am not using the default policy. I've created a new policy for device administration and Radius but each time I try to log into my switch I get this

11033 error message that basically tells me Radius is for network access not device administration.

...Hence my other post : is it possible to do RADIUS AAA for device admin with ACS 5.1?

So far I can't make it work and the report output is not verbose enough to tell the exact cause of this issue.

Regards,

Thibault.

Highlighted
Beginner

Re: ACS 5.1 Radius device administration error 11033

Does anybody out there use ACS 5.1 with RADIUS for device administration?

Highlighted
Beginner

Re: ACS 5.1 Radius device administration error 11033

Hey,

Please use TACACS for device admin and RADIUS for network access and make sure the config on the switch is pointing to the correct radius server host

eg

radius-server host x.x.x.x auth-port 1812 acct-port 1813

Thats how I set-up my ACS5.1 and its working fine. I don't think you will be able to use RADIUS for device admin. Hope this helps

Highlighted
Beginner

Re: ACS 5.1 Radius device administration error 11033

Hi,

Thanks for your help.

I'm still trying to find a way to configure ACS with RADIUS for device management.

Regards,

Thibault.

Highlighted
Beginner

Re: ACS 5.1 Radius device administration error 11033

I've reinstalled ACS 5.0 from scratch on a VM (demo version) and it is now working fine.

Not sure about what exactly happened in the first place...

It's just a bit annoying that a fresh install or a server reboot are sometimes the only fix to a major issue.

I hope it is different with a real appliance.

Highlighted
Beginner

ACS 5.1 Radius device administration error 11033

Hello ibault,

I am also configuring ACS 5,3 for configuring some aaa clients switches to add as clinets for device management using radius.

can you give some hints to me ?

Regards

Ajay

Highlighted
Contributor

ACS 5.1 Radius device administration error 11033

For CLI login, the Service-Type attribute must be set to Login on the RADIUS server.

Highlighted
Beginner

ACS 5.1 Radius device administration error 11033

Hi,

Could someone let me know how I can use same aaa client for using as 802.1x authentication server & also to work as a proxy radius for device administration ?

Means :

for 802.1x network access of user  : ACS will work as authentication server

for Device management : ACS will work as proxy and send the request to ACS server.

Highlighted
Contributor

ACS 5.1 Radius device administration error 11033

I don't understand what you mean by "ACS will work as a proxy and send the request to an ACS server". 

Why would you want to proxy a request, just to send it to itself?

Highlighted

ACS 5.1 Radius device administration error 11033

Yeah, I also had this issue... It´s actually pretty easy to solve!

For ‘Administration of device via radIus’ you need to use Network Access service.

Go to

Access Policies > ... > Access  Services > Service Selection Rules


Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.

Thats it, works as a charm