I have set up 2 rules in Access Policies -> Access Services -> Service Selection Rules.
The first rule (Rule-SwitchAdministrasjon) is to give users in a certain AD group access to administer switches.
This rule points to a policy called Policy-SwitchAdministrasjon where it says that the only allowed protocol is PAP/ASCII.
The next rule (Rule-SwitchAccess) points to a policy called Policy-SwitchAccess, and the purpose of this rule is to give users 802.1x access on switch ports.
But when I use a computer and connect it to a switchport, ACS gives me the following error:
"EAP-negotiation failed because the Allowed Protocols section of the Access Service has no EAP-based protocols enabled."
And the Access Service it hits/stops at is Policy-SwitchAdministrasjon.
It does not seem to jump to the next rule (Rule-SwitchAccess) at all.
(Please) correct me if I'm wrong, but isn't the whole point that it should jump to the next rule if the first one fails?
The rules themselves work; if I put the Rule-SwitchAccess on top, I'm able to get switchport access, but then I cannot log in to (administer) my switches any more.