I tried to authenticate a user from a Juniper EX switch to Cisco ACS RADIUS. The ACS can authenticate a normal user via 802.1X but not MAB.
I set the ACS to authenticate any request using RADIUS IETF.
I also tried to connect to a different ACS server using the same config and surprisingly it works. The only difference is that the ACS does not have my certificate installed.
I attached the log and packet capture for reference. It seems that the ACS replies with an encrypted message to the EX switch.
This is the log from the EX switch (I know, this is a Cisco forum, but it could give some clue).
Feb 14 01:45:50.618026 Sending message to authentication client
Feb 14 01:45:50.622833 Received message from authentication client
Feb 14 01:45:50.622887 reply: 1cf7924 rply_hdr: 1cf9000 bytes_remnant len:28 reply_len:28
Feb 14 01:45:50.622917 hdr_bytes_read 0
Feb 14 01:45:50.622937 len read : 28 reply_len: 2983
Feb 14 01:45:50.622991 bytes_remnant 2955 tot_bytes_read 28
Feb 14 01:45:50.623028 bytes_read 2955
Feb 14 01:45:50.623048 Creating background job to process reply from authentication client
Feb 14 01:45:50.623117 Entering background job to process message from authentication client
Feb 14 01:45:50.623145 process_auth_reply len:2983
Feb 14 01:45:50.623182 Received Access-Challenge authentication message
Feb 14 01:45:50.623206 Invoking state machine for authentication response for mac address 00:1E:37:86:A2:04
Feb 14 01:45:50.623226 on intf ge-0/0/1.0
Feb 14 01:45:50.623259 ASIF: Handing over Server frame to Authenticator
Feb 14 01:45:50.623287 AUTH: Handling Server Frame
Feb 14 01:45:50.623318 SessNode got from SessIdtbl for Id 126 is : 1d1d000, Port: 67
Feb 14 01:45:50.623347 Code = 1, Id = 126, Len = 6
Feb 14 01:45:50.623375 ASIF: Handing over Server frame to Authenticator 67.
Feb 14 01:45:50.623403 PnacAsIfRecvFromServer : Rad Attr Statelen = 25
Feb 14 01:45:50.623421 Rad Attr Class Len = 0
Feb 14 01:45:50.623445 PnacAuthPrepareMD5Response Pkt type 25 is not MD5.
Feb 14 01:45:50.623473 PnacAuthMacRadiusReply : MD5 response prep failed.
Feb 14 01:45:50.623499 AuthHandleInServerFrame:MAC RADIUS RESP failed
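
Added example, not part of the original post: a small decoder for the EAP header that the switch log prints as "Code = 1, Id = 126, Len = 6" and "Pkt type 25", useful for checking which EAP method a RADIUS server offers in an Access-Challenge. The sample packet is constructed to match only those logged values (all other bytes are placeholders); in the IANA EAP registry, type 4 is MD5-Challenge and type 25 is PEAP.

```python
import struct

# EAP method types from the IANA EAP registry (subset).
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
ACCESS_CHALLENGE, ATTR_STATE, ATTR_EAP_MESSAGE = 11, 24, 79


def radius_attributes(packet):
    """Return (radius_code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        # A lone trailing byte cannot hold a type/length pair.
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def eap_summary(packet):
    """Decode the EAP header carried in the EAP-Message attribute(s)."""
    code, attrs = radius_attributes(packet)
    # EAP-Message may be split across several attributes; join them in order.
    eap = b"".join(v for t, v in attrs if t == ATTR_EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP header in EAP-Message")
    e_code, e_id, e_len = struct.unpack("!BBH", eap[:4])
    # Only Request (1) and Response (2) carry a method type byte.
    e_type = eap[4] if e_code in (1, 2) and len(eap) >= 5 else None
    return {"radius_code": code, "eap_code": e_code, "eap_id": e_id,
            "eap_len": e_len, "eap_type": e_type,
            "eap_type_name": EAP_TYPES.get(e_type, "other"),
            "is_md5_challenge": e_type == 4}


def build_sample():
    """Constructed Access-Challenge matching the values in the log above."""
    eap = bytes([1, 126, 0, 6, 25, 0x20])  # Code 1, Id 126, Len 6, type 25
    state = bytes(25)                      # placeholder State value
    attrs = bytes([ATTR_EAP_MESSAGE, 2 + len(eap)]) + eap
    attrs += bytes([ATTR_STATE, 2 + len(state)]) + state
    header = struct.pack("!BBH", ACCESS_CHALLENGE, 7, 20 + len(attrs))
    return header + bytes(16) + attrs      # zeroed authenticator placeholder
```

Running `eap_summary()` on the EAP-Message bytes exported from a packet capture shows whether the server's first challenge is MD5-Challenge or a TLS-based method.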