Cisco SG250 switch for network access control

benv
Level 1

I am deploying a 3rd party NAC solution with a Cisco SG250 10-port switch.

On the GUI interface of the Cisco SG250 switch I see the 802.1x configuration, which was properly configured.

However, when a user connects to the interface of the switch for 802.1x, on the 3rd party NAC solution I see RADIUS authentication rejected for username\domain.

Please advise if the Cisco SG250 switch is considerable for 802.1x or just has basic 802.1x functionality.

Thanks


balaji.bandi
Hall of Fame

 

How is your user source configured on the NAC (is this from AD?)

Other than just the basic config on the switch side and the switch added to your NAC, that should work as expected.

Below for reference in case you missed any options. As per the message, it looks like a far-end issue (I am guessing).

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-220-series-smart-switches/smb5357-configure-802-1x-port-authentication-on-the-cisco-sx220-seri.html

BB


Thank you, balaji

User source is from AD.

We have done the configuration based on the article you shared.

However, we are not completely sure if the Cisco SG250 switch is compatible with 802.1x.

As far as the switch is concerned, the switch is capable of 802.1x; you need to check with the NAC (I am sure they do support it, I guess).

"i see radius authentication rejected for username\domain" - this means the request was processed and failed somewhere in the path.

 

BB


Thank you

The article you posted is for the SX220; will the same configuration work for the SG250?

Also, while reading the article below, it appears the SG250 might work for RADIUS auth but definitely not for VLAN assignment.

https://community.cisco.com/t5/small-business-switches/radius-supplied-vlans-for-sg250-switches/td-p/4144726/page/2

pieterh
VIP

>>> on the 3rd party nac solution i see radius authentication rejected for username\domain <<<

Looks like the switch is talking properly to the 3rd party NAC device,
but the RADIUS request from this device to AD gets a "rejected" response
-> the NAC profile is not properly matched, or the user does not belong to the correct group to use NAC
-->> check your AD settings (not the switch)
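
The fault isolation described in the reply above, as an added example that is not part of the original thread: it builds a RADIUS Access-Request (RFC 2865, PAP) and maps what the RADIUS client sees back to the leg that needs checking. The function names, shared secret and sample replies are constructed for illustration, and it assumes a PAP test request, whereas an 802.1X port carries EAP.

```python
import hashlib, os, struct

ACCEPT, REJECT = 2, 3   # RADIUS packet codes from RFC 2865

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: XOR with chained MD5 blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user: str, password: str, secret: bytes, ident: int = 1) -> bytes:
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    req_auth = os.urandom(16)
    values = ((1, user.encode()), (2, hide_password(password.encode(), secret, req_auth)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def sign_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed stand-in for the NAC's answer, so the example runs offline."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def triage(request: bytes, reply, secret: bytes) -> str:
    """Map what the RADIUS client sees to the leg that needs checking."""
    if reply is None:
        return "switch<->NAC: no answer (switch not registered as a client, or UDP blocked)"
    if len(reply) < 20 or reply[1] != request[1]:
        return "switch<->NAC: malformed or mismatched reply"
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[4:20] != expected:
        return "switch<->NAC: shared secret mismatch"
    if reply[0] == REJECT:
        return "NAC<->AD: request was processed and rejected; check policy, group and AD"
    if reply[0] == ACCEPT:
        return "ok: accepted"
    return "unexpected RADIUS code %d" % reply[0]

if __name__ == "__main__":
    secret = b"constructed-secret"               # constructed sample value
    req = build_access_request("user", "pw", secret, ident=7)
    print(triage(req, sign_reply(REJECT, req, secret), secret))
```

A reject whose Response Authenticator verifies is proof that the switch-to-NAC leg, including the shared secret, is working, which is why the thread's fix was on the AD side.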

 

Thank you for your response

Yes, you are correct. We had issues with the AD connection; this is now resolved.
