thanks for your help vivek..

but i am actually lost in all the configuration options, i was hoping there is a link somewhere that shows me a step by step configuration for the ACS

would you know of any?

i have edited all the settings on the switch and my acs which i have directly connected.

I have put the port thats connected to the acs in "no switchport" mode.

and gave the port an ip address so that i can add it to the list of NDG's on the ACS.

but i dont know why.. but when i enter username and password credentials.. the dot1x port is unable to communicated with my acs server :-(

The debug states that trying all servers, and the ACS server ip 10.17.10.10 is dead on ports 1812, 1813

can someone help me here?

Hi,

I would suggest putting the switchport back to normal and then configure the following :-

int vlan 1

ip address

Here I am assuming that the ACS is in Vlan 1. It can be different. Just change the vlan number as desired.

HTH

Regards,

Vivek

If you've got an ACS SE you might be suffering from a common config bug:

Interface Configuration, Advanced Options. Check the Distributed System Settings box.

Network Configuration and under Proxy Distribution Table click the (Default) link.

In the table you should see one server in the AAA Servers column and one in the Forward To column, make sure your server is in the Forward To column and the other one is in the AAA Servers column.

Once you've done that you should see auth requests being logged. This is due to a bug in the Windows IP stack which results in a "ghost" server being configured on the inactive NIC when you first set the server up, ACS configured itself to send all auth traffic to the ghost so it gets black-holed.

Hi guys thank u for ur replies

this is how my network stands so far :

1) one 3550 switch directly connected to the ACS SE and windows 2003 server with AD and CA installed on it connected to the same switch.

4 ports are in 802.1x auto mode the rest are in pure layer 2

10.73.1.10 - ACS

10.73.1.5 - Windows 2003 Server

2) AD has 4 global security groups , IT, Marketing, Sales, Finance with 2 members each in it. Remote agent installed on the server.

3) ACS SE Config

a) Selected most of the options in interface config to be displayed under user and group setup

b) in network config .. i did not know how to add the 3550 switch to the NDG as its in layer 2.. do not understand wat IP address i can give there. but just added it with an ip address from 10.73.x.x range.. as this is my network.

c) in the proxy distribution table.. i only see one server and ive moved it to the "Foward to" coloumn

4) I have obtained a certificate from the windows ca and installed it on the ACS

5) External user database.. i found my ad and mapped each group from the windows databse to a group number .. and the edited the group settings in the group setup

6) when i enter the user name and password on the end user computer connected to the dot1x ports.. it send the info out..i can view this on the switch.. but it says that the 10.73.1.10 server on ports 1812,1813 is dead ..

i do not understand where img oing wrong.. this is wat ive read to do on most documents..