ACS 5.1 Radius device administration error 11033

Unanswered Question
Jul 21st, 2010


I'm trying to configure ACS 5.1 as a RADIUS server for a Catalyst switch but I can't make it work.

I keep on getting the "11033 Selected Service type is not Network Access" error message.

TACACS works fine but RADIUS does not.

Does anybody have a sample device administration config to use with RADIUS?

It seems the service type does not work with RADIUS in this scenario (RADIUS + device admin).



Javier Henderson Thu, 07/22/2010 - 09:34
User Badges: Cisco Employee

The default access policy for RADIUS on ACS 5.1 is for network access, and you are trying to authenticate an interactive login. You need to create a new access policy, using RADIUS, and choose the correct login type.

ThibaultMean Fri, 07/23/2010 - 00:04


I am not using the default policy. I've created a new policy for device administration and RADIUS but each time I try to log into my switch I get this 11033 error message that basically tells me RADIUS is for network access, not device administration.

...Hence my other post: is it possible to do RADIUS AAA for device admin with ACS 5.1?

So far I can't make it work and the report output is not verbose enough to tell the exact cause of this issue.



ThibaultMean Mon, 07/26/2010 - 00:53

Does anybody out there use ACS 5.1 with RADIUS for device administration?

Upenyu333_2 Tue, 09/14/2010 - 18:10


Please use TACACS for device admin and RADIUS for network access, and make sure the config on the switch is pointing to the correct RADIUS server host:


radius-server host x.x.x.x auth-port 1812 acct-port 1813

That's how I set up my ACS 5.1 and it's working fine. I don't think you will be able to use RADIUS for device admin. Hope this helps.

ThibaultMean Wed, 09/15/2010 - 00:59


Thanks for your help.

I'm still trying to find a way to configure ACS with RADIUS for device management.



ThibaultMean Mon, 09/20/2010 - 01:26

I've reinstalled ACS 5.0 from scratch on a VM (demo version) and it is now working fine.

Not sure about what exactly happened in the first place...

It's just a bit annoying that a fresh install or a server reboot is sometimes the only fix to a major issue.

I hope it is different with a real appliance.

ajay pandey Mon, 12/31/2012 - 01:34

Hello Thibault,

I am also configuring ACS 5.3 to add some switches as AAA clients for device management using RADIUS.

Can you give me some hints?



Peter Koltl Mon, 12/31/2012 - 09:39

For CLI login, the Service-Type attribute must be set to Login on the RADIUS server.

ajay pandey Tue, 01/01/2013 - 21:57


Could someone let me know how I can use the same AAA client as an 802.1x authentication server and also as a proxy RADIUS for device administration?

Meaning:

For 802.1x network access of users: ACS will work as the authentication server.

For device management: ACS will work as a proxy and send the request to the ACS server.

johnnylingo Tue, 04/16/2013 - 14:44

I don't understand what you mean by "ACS will work as a proxy and send the request to an ACS server".

Why would you want to proxy a request, just to send it to itself?

mateja.jovanovic Fri, 11/29/2013 - 06:33

Yeah, I also had this issue... It's actually pretty easy to solve!

For 'Administration of device via RADIUS' you need to use the Network Access service.

Go to

Access Policies > ... > Access Services > Service Selection Rules

Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.

That's it, works like a charm.
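
The Service-Type attribute mentioned in this thread can be checked directly by decoding the server's Access-Accept from a packet capture. The following is an added example, not part of any post above; the attribute layout and values follow RFC 2865, and the sample packets are constructed here with a zeroed authenticator.

```python
import struct

# Service-Type values from RFC 2865 section 5.6 (subset)
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt"}
ATTR_USER_NAME, ATTR_SERVICE_TYPE = 1, 6

def parse_attrs(packet: bytes) -> list:
    """Walk the attribute TLVs of a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def service_type(packet: bytes):
    """Return the Service-Type name, or None when the attribute is absent."""
    for a_type, value in parse_attrs(packet):
        if a_type == ATTR_SERVICE_TYPE:
            if len(value) != 4:
                raise ValueError("Service-Type must be a 4-byte integer")
            number = struct.unpack("!I", value)[0]
            return SERVICE_TYPES.get(number, f"unknown({number})")
    return None

def build(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, test use only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed Access-Accept samples (code 2): CLI login vs. network access
ACCEPT_LOGIN = build(2, 7, [(ATTR_SERVICE_TYPE, struct.pack("!I", 1))])
ACCEPT_FRAMED = build(2, 8, [(ATTR_SERVICE_TYPE, struct.pack("!I", 2))])
ACCEPT_NONE = build(2, 9, [(ATTR_USER_NAME, b"admin")])

if __name__ == "__main__":
    for name, pkt in [("login", ACCEPT_LOGIN), ("framed", ACCEPT_FRAMED),
                      ("none", ACCEPT_NONE)]:
        print(name, "->", service_type(pkt))
```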

