05-24-2007 09:03 AM - edited 03-10-2019 03:10 PM
Hello
I have an appliance ACS v4.1 and I use 802.1X PEAP authentication.
Everything works fine for PCs that are 802.1X compliant, with an external Active Directory database.
But when you want to authenticate a non-802.1X device such as a printer, the ACS logs an "Internal Error" in the Authentication failure code on the Failed report.
I have created an object in AD that has the username = @mac and password = @mac
Can you tell me if you have a solution to this problem?
Thanks for your help
05-28-2007 04:31 AM
Hi,
I'm not sure if you have configured MAB. To achieve it we need to set up MAB.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/sp.htm#wp1160819
Regards,
05-28-2007 10:44 PM
Hi,
I have looked at this configuration, but in "Network Access Profile" you can only configure a type of MAC authentication bypass with the ACS Internal Database or an LDAP Server, but not with an Active Directory database?
When I configure this with the Internal Database it works fine and the message "Internal Error" doesn't appear.
But I have seen in a meeting that you can do this with an Active Directory database.
If you have other solutions
Thanks
06-01-2007 05:16 PM
Hi,
I haven't done that, might not be possible either. But you can start with how exactly the unknown device is being discovered.
If you have ACS for windows, turn it on to full logging from System Configuration > Service Control > Level of Detail > Full > Restart.
And when the authentication fails with the Internal Error code, take the time stamp when it failed, and search the Auth.log file for how exactly the device was searched. It's a simple readable text file. Found from,
It will give you a pretty good idea.
Do share the result!
Regards,
Prem
06-04-2007 07:28 AM
Hello
I have an ACS appliance and the log doesn't show anything other than:
05/25/2007 17:00:51 Authen failed 000d6013d891 Printers 00-0D-60-13-D8-91 (Default) Internal error .. .. 50019 10.253.104.94 .. .. .. .. .. gvanet01 ..
I can't get a more precise log, I think.
I have opened a call with Cisco and I am waiting for a response.
thanks
06-04-2007 07:39 AM
Hi,
This is how you can get logs from acs appliance,
Make sure login is full,
System Configuration --> Support --> Run Support Now.
After a min it will ask you to save a file "Package.cab". This file contains all of the log information from ACS.
Thanks
06-04-2007 05:11 PM
First, ACS should not log "Internal Error" in Authentication failure code on the Failed report.
It should also work by creating an object on AD if you like for the username = @MAC and password = @MAC.
This documentation reference is incorrect to achieve such an operation:
<http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/sp.htm#wp1160819>
You're running into CSCsh62641. This has been fixed and you need ACS 4.1(3). See the release notes here:
The summary is, it allows you to only look at the CLID field (Re: the way "MAB" is documented above) OR to be able to just define a MAC as a "user account" somewhere like in Active Directory.
Hope this helps,
06-05-2007 12:36 AM
Hello
Thanks for your help
In fact I will try to obtain the upgrade to ACS 4.1(3) and I will tell you if it works.
Thanks
06-07-2007 02:28 AM
Hello
The problem was solved when I upgraded ACS to 4.1.3.12.
And now I have no error message and MAC Authentication Bypass works fine with Active Directory.
Thanks for your help