07-21-2010 06:05 AM - edited 03-10-2019 05:16 PM
Hello,
I'm trying to configure ACS 5.1 as radius server for a catalyst switch but i can't make it work.
I keep on getting the "11033 Selected Service type is not Network Access" error message.
Tacacs works fine but radius does not.
Does anybody have a sample device administration config to use with RADIUS?
It seem the service type does not work with radius in this scenario ( radius + device admin).
Regards,
Thibault.
07-22-2010 09:34 AM
The default access policy for RADIUS on ACS 5.1 is for network access, and you are trying to authenticate an interactice login. You need to create a new access policy, using RADIUS, and choose the correct login type.
07-23-2010 12:04 AM
Hello,
I am not using the default policy. I've created a new policy for device administration and Radius but each time I try to log into my switch I get this
11033 error message that basically tells me Radius is for network access not device administration.
...Hence my other post : is it possible to do RADIUS AAA for device admin with ACS 5.1?
So far I can't make it work and the report output is not verbose enough to tell the exact cause of this issue.
Regards,
Thibault.
07-26-2010 12:53 AM
Does anybody out there use ACS 5.1 with RADIUS for device administration?
09-14-2010 06:10 PM
Hey,
Please use TACACS for device admin and RADIUS for network access and make sure the config on the switch is pointing to the correct radius server host
eg
radius-server host x.x.x.x auth-port 1812 acct-port 1813
Thats how I set-up my ACS5.1 and its working fine. I don't think you will be able to use RADIUS for device admin. Hope this helps
09-15-2010 12:59 AM
Hi,
Thanks for your help.
I'm still trying to find a way to configure ACS with RADIUS for device management.
Regards,
Thibault.
09-20-2010 01:26 AM
I've reinstalled ACS 5.0 from scratch on a VM (demo version) and it is now working fine.
Not sure about what exactly happened in the first place...
It's just a bit annoying that a fresh install or a server reboot are sometimes the only fix to a major issue.
I hope it is different with a real appliance.
12-31-2012 01:34 AM
Hello ibault,
I am also configuring ACS 5,3 for configuring some aaa clients switches to add as clinets for device management using radius.
can you give some hints to me ?
Regards
Ajay
12-31-2012 09:39 AM
For CLI login, the Service-Type attribute must be set to Login on the RADIUS server.
01-01-2013 09:57 PM
Hi,
Could someone let me know how I can use same aaa client for using as 802.1x authentication server & also to work as a proxy radius for device administration ?
Means :
for 802.1x network access of user : ACS will work as authentication server
for Device management : ACS will work as proxy and send the request to ACS server.
04-16-2013 02:44 PM
I don't understand what you mean by "ACS will work as a proxy and send the request to an ACS server".
Why would you want to proxy a request, just to send it to itself?
11-29-2013 06:33 AM
Yeah, I also had this issue... It´s actually pretty easy to solve!
For ‘Administration of device via radIus’ you need to use Network Access service.
Go to
Access Policies > | ... > | Access Services > | Service Selection Rules |
Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.
Thats it, works as a charm
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: