ACS 5.1 Radius device administration error 11033

ThibaultMean
Level 1

Hello,

I'm trying to configure ACS 5.1 as a RADIUS server for a Catalyst switch but I can't make it work.

I keep on getting the "11033 Selected Service type is not Network Access" error message.

TACACS works fine but RADIUS does not.

Does anybody have a sample device administration config to use with RADIUS?

It seems the service type does not work with RADIUS in this scenario (RADIUS + device admin).

Regards,

Thibault.

11 Replies

The default access policy for RADIUS on ACS 5.1 is for network access, and you are trying to authenticate an interactive login. You need to create a new access policy, using RADIUS, and choose the correct login type.

Hello,

I am not using the default policy. I've created a new policy for device administration and RADIUS, but each time I try to log into my switch I get this 11033 error message that basically tells me RADIUS is for network access, not device administration.

...Hence my other post: is it possible to do RADIUS AAA for device admin with ACS 5.1?

So far I can't make it work and the report output is not verbose enough to tell the exact cause of this issue.

Regards,

Thibault.

ThibaultMean
Level 1

Does anybody out there use ACS 5.1 with RADIUS for device administration?

Hey,

Please use TACACS for device admin and RADIUS for network access, and make sure the config on the switch is pointing to the correct RADIUS server host,

e.g.

radius-server host x.x.x.x auth-port 1812 acct-port 1813

That's how I set up my ACS 5.1 and it's working fine. I don't think you will be able to use RADIUS for device admin. Hope this helps.

Hi,

Thanks for your help.

I'm still trying to find a way to configure ACS with RADIUS for device management.

Regards,

Thibault.

I've reinstalled ACS 5.0 from scratch on a VM (demo version) and it is now working fine.

Not sure about what exactly happened in the first place...

It's just a bit annoying that a fresh install or a server reboot are sometimes the only fix to a major issue.

I hope it is different with a real appliance.

Hello Thibault,

I am also configuring ACS 5.3 to add some AAA client switches as clients for device management using RADIUS.

Can you give me some hints?

Regards

Ajay

For CLI login, the Service-Type attribute must be set to Login on the RADIUS server.
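
The Service-Type attribute mentioned in the reply above is RADIUS attribute 6 (RFC 2865), where 1 is Login and 2 is Framed. As an added example, not part of the original thread and not ACS code, this Python decoder pulls Service-Type out of a raw RADIUS packet (for instance, bytes exported from a capture) so you can check what the server actually returned; the sample packets and the `build_packet` helper are constructed for illustration.

```python
import struct

# RFC 2865 packet codes and Service-Type (attribute 6) values
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt", 10: "Call-Check"}
ATTR_SERVICE_TYPE = 6

def parse_attributes(packet: bytes):
    """Return (code_name, [(attr_type, value_bytes), ...]) for a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("header length field does not match the data")
    attrs, pos = [], 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return CODES.get(code, f"code-{code}"), attrs

def service_type(packet: bytes):
    """Name of the Service-Type carried in the packet, or None if it is absent."""
    _code, attrs = parse_attributes(packet)
    for a_type, value in attrs:
        if a_type == ATTR_SERVICE_TYPE:
            if len(value) != 4:
                raise ValueError("Service-Type must be a 32-bit integer")
            number = struct.unpack("!I", value)[0]
            return SERVICE_TYPES.get(number, f"unknown-{number}")
    return None

def build_packet(code: int, attrs) -> bytes:
    """Constructed test input: zero authenticator, no real shared secret involved."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: an Access-Accept for a CLI login and one for 802.1X access
CLI_ACCEPT = build_packet(2, [(1, b"admin"), (6, struct.pack("!I", 1))])
DOT1X_ACCEPT = build_packet(2, [(1, b"user1"), (6, struct.pack("!I", 2))])

if __name__ == "__main__":
    for name, pkt in (("cli", CLI_ACCEPT), ("dot1x", DOT1X_ACCEPT)):
        print(name, parse_attributes(pkt)[0], service_type(pkt))
```
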

Hi,

Could someone let me know how I can use the same AAA client as an 802.1X authentication server and also as a proxy RADIUS for device administration?

Meaning:

For 802.1X network access of users: ACS will work as authentication server.

For device management: ACS will work as proxy and send the request to ACS server.

I don't understand what you mean by "ACS will work as a proxy and send the request to an ACS server". 

Why would you want to proxy a request, just to send it to itself?

Yeah, I also had this issue... It's actually pretty easy to solve!

For 'Administration of device via RADIUS' you need to use Network Access service.

Go to

Access Policies > ... > Access Services > Service Selection Rules

Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.

That's it, works like a charm.
