07-09-2013 01:52 AM - edited 03-10-2019 08:37 PM
Hi,
I have configured RADIUS for dot1x in an ACS 5.2. When I tried to connect a user to a dot1x-enabled switch port, I get the following error in the RADIUS.
The switchport configuration is:
switchport access vlan 810
switchport mode access
authentication event fail action authorize vlan 132
authentication event no-response action authorize vlan 810
authentication port-control auto
dot1x pae authenticator
dot1x max-req 3
ip verify source port-security
end
Please help in correcting this in ACS 5.2.
Regards,
Abhishek
07-09-2013 02:24 AM
Abhishek,
Can you please illustrate what kind of authentication you are trying to achieve in dot1x?
Is it MSCHAP (password based) or certificate based?
If it is password based, then the configuration on ACS looks OK, because the error says that ACS is configured for password based. Then we need to check the right EAP flavor on the client.
If it is certificate based, then we need to create a certificate profile which will be called in identity:
access policies == access service (name) == identity.
We first need to create the same under users and identity stores == certificate authentication profile == specify what you want ACS to look for in the certificate (example: CN, subject).
Looking forward to hearing from you.
Regards,
Tushar Gaba.
07-09-2013 03:04 AM
Users and Identity Stores > Identity Store Sequences > Edit: "CertBaseAuth"
07-09-2013 03:15 AM
OK,
did you check the attribute that you want ACS to check in the incoming packet from the client?
Most important: select the certificate profile as an identity store under access policies -- access service name -- identity -- select.
BR,
Tushar Gaba.
07-09-2013 03:23 AM
That seems to be the issue, as I am not able to select any option under identity. Whenever I try to change any setting over there, e.g. select 'rule base result selection' and then try to edit the default rule, the below error comes:
Also, to let you know, the ACS here is an evaluation version.
Can it be related to it?
Rgds,
Abhishek
07-09-2013 03:27 AM
This is a known error.
Please log out of the ACS and log back in again.
The evaluation version should not be a problem.
Thanks,
Tushar Gaba.
07-09-2013 04:19 AM
When I click on the 'rule based result selection' below
and then try to create after clicking the checkbox beside the 'status'
The below popup appears:
What can be the issue?
Rgds,
Abhishek
07-09-2013 04:27 AM
The issue was with Firefox... I was not able to check the setting in it properly. Making the changes through IE. Will revert back with the status.
Rgds,
Abhishek
07-09-2013 04:28 AM
ok ..
07-09-2013 04:37 AM
Please don't forget to rate Tushar's feedback on this matter. Also, mark this thread resolved so that it may help other community members facing similar issues.
~BR
Jatin Katyal
**Do rate helpful posts**
07-09-2013 06:03 AM
Thanks Tushar! It's working flawlessly now. Able to authenticate the user on a certificate basis.
Lesson learnt: Always use IE for Cisco ACS GUI.
Regards,
Abhishek
07-09-2013 06:30 AM
Most welcome.
IE and Mozilla are the only documented browsers which support ACS.
The trick is the version of IE and Mozilla. You can find the supported browsers and their versions in the release notes.
I hope it was helpful. Please rate if the issue stands resolved, so that if any new person sees it, he/she can take it as a valuable solution.
Best regards,
Tushar Gaba.
07-10-2013 02:23 AM
Hi Tushar,
Can you please also let me know how to resolve the issue of dot1x connectivity when a user has connected his laptop to a dot1x-enabled port and the laptop is yet to boot?
Rgds,
Abhishek