If you've got an ACS SE you might be suffering from a common config bug:
Interface Configuration, Advanced Options. Check the Distributed System Settings box.
Network Configuration and under Proxy Distribution Table click the (Default) link.
In the table you should see one server in the AAA Servers column and one in the Forward To column. Make sure your server is in the Forward To column and the other one is in the AAA Servers column.
Once you've done that you should see auth requests being logged. This is due to a bug in the Windows IP stack which results in a "ghost" server being configured on the inactive NIC when you first set the server up. ACS configured itself to send all auth traffic to the ghost, so it gets black-holed.
1) One 3550 switch directly connected to the ACS SE, and a Windows 2003 server with AD and CA installed on it, connected to the same switch.
4 ports are in 802.1x auto mode; the rest are in pure layer 2.
10.73.1.10 - ACS
10.73.1.5 - Windows 2003 Server
2) AD has 4 global security groups: IT, Marketing, Sales, Finance, with 2 members in each. Remote agent installed on the server.
3) ACS SE Config
a) Selected most of the options in interface config to be displayed under user and group setup
b) In network config, I did not know how to add the 3550 switch to the NDG as it's in layer 2. I do not understand what IP address I can give there, but just added it with an IP address from the 10.73.x.x range, as this is my network.
c) In the proxy distribution table, I only see one server and I've moved it to the "Forward to" column.
4) I have obtained a certificate from the Windows CA and installed it on the ACS.
5) External user database: I found my AD and mapped each group from the Windows database to a group number, and then edited the group settings in the group setup.
6) When I enter the user name and password on the end user computer connected to the dot1x ports, it sends the info out. I can view this on the switch, but it says that the 10.73.1.10 server on ports 1812,1813 is dead.
I do not understand where I'm going wrong. This is what I've read to do in most documents.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...