03-12-2003 11:26 AM - edited 03-10-2019 07:12 AM
Hi,
I'm working with 802.1x over a Catalyst switch, ACS 3.1 as RADIUS, and external DB user authentication on MS Active Directory with LDAP.
My questions are:
1) Are the only EAP versions supported by Catalyst MD5-EAP and EAP-TLS (not PEAP and LEAP)?
2) Is the only supported method to authenticate users from ACS to AD EAP-TLS? Is EAP-MD5 not supported over the LDAP access protocol?
3) Can I import the users from Active Directory to the internal ACS database? (like an RDBMS...)
Thanks,
Graz.
03-18-2003 12:59 PM
The following document gives some idea on importing users from an RDBMS to the internal ACS database
04-15-2003 01:15 PM
EAP-MD5 is supported with IAS over Active Directory. I tested it! It worked fine.
04-24-2003 12:40 PM
EAP-PEAP-MSCHAP v2 is working fine too!!
Very simple to implement and to use compared to EAP-TLS...
10-09-2003 03:23 AM
Are you working with Catalyst switches and EAP-PEAP-MSCHAP v2? How do you import connect Microsoft Database with Cisco ACS?
10-09-2003 06:52 AM
It works fine as long as you don't run login scripts, roaming profiles, etc. You should probably upgrade to ACS 3.2, and good luck on the rest. If you want to use it in a live environment with login scripts, different users/VLANs, etc., you will have to implement certificates, add a registry value called supplicant mode, and get the latest hotfix from Microsoft that allows the client to re-DHCP after the client authenticates and changes VLANs.
11-19-2004 03:14 AM
I am in an installation with 802.1x.
I have installed a Cisco ACS and a Cisco 2950 switch, and I am authorizing users via MS-CHAPv2 against the Cisco ACS.
ACS is validating users against a Microsoft Active Directory.
I have the following problem: when a user logs in, it takes between 45 and 90 sec to log the user in and change the VLAN.
I have installed Windows XP Service Pack 2 and patches:
xp-kb817778-x86-esn
xp-kb826942-x86-esn
I have changed the switch software to the latest release.
How can I reduce this delay? Any idea?
11-21-2004 04:58 PM
It takes 45 to 90 sec to:
Authenticate the user?
Change the IP Address after changing the VLAN?
11-22-2004 12:02 AM
Jafrazie, it takes 45 to 90 sec from when I log in with the username and password till the port is green.
11-22-2004 06:15 AM
OK, the port turns green as soon as it is put into forwarding, or when it sends an EAP-Success frame to the supplicant. Need code/switch rev to determine more to rule it out, but a sniff from the PC's port will let you know what's going on.
It looks like standard auth is taking too long.