Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACS 3.1 & dot1x & PEAP don't work

I'am trying to Implement "Port Based Network Access Control" with PEAP in SWITCHING Environment:

W2000/XP Client (PEAP & Cert & HW token)

Catalyst 2950-12 w/setup for 802.1x, or Hp Prcurve 5304xl w/ setup fot 802.1x

ACS 3.1 (with Server-Certificate & Radius IETF & External Database NT/2000

Microsoft CA & AD.

The ACS is logging the Request with this fault.

Message-Type: "NAS duplicated authentication account"

If I config Hp switch with radius-server CHAP, all works good, but if I config hp switch with radiu-server EAP, or config cisco switch, this error message appears.

With Hp switch, PEAP and IAS, all works good.

I'am searching in cisco www about this error's code, but nothing...

what I'm doing wrong?

thanx

4 REPLIES
New Member

Re: ACS 3.1 & dot1x & PEAP don't work

Hi,

We need to get some detail logs from the ACS server when you are trying to do PEAP.

If you can open a case with the TAC it will be helpful.

Thanks

Sujit

New Member

Re: ACS 3.1 & dot1x & PEAP don't work

Hi,

I'm working in a lab scenario with ACS 3.1 TRIAL VERSION, testing this configuration for one of our clients....

Can I open a case with the TAC with a Trial version?

Thanks

New Member

Re: ACS 3.1 & dot1x & PEAP don't work

This will not work unless you use the Aironet PEAP drivers on the client computers. Microsoft release their drivers as EAP-MSCHAPv2 and ACS3.1 will not work with this. ACS3.2 is supposed to fix this and allow the ACS to support the microsoft drivers. If you use the Aironet PEAP drivers you will have to login 2 times. One time with the OS login and another time for the 802.1x login. The Aironet drivers do not hook in to the OS login.

JC

Silver

Re: ACS 3.1 & dot1x & PEAP don't work

XP running sp1 gives you this problem. Without sp1, this works fine. Thanks, Mynul

168
Views
0
Helpful
4
Replies
CreatePlease to create content