I'm trying to configure ACS 5.1 as radius server for a catalyst switch but i can't make it work.
I keep on getting the "11033 Selected Service type is not Network Access" error message.
Tacacs works fine but radius does not.
Does anybody have a sample device administration config to use with RADIUS?
It seem the service type does not work with radius in this scenario ( radius + device admin).
The default access policy for RADIUS on ACS 5.1 is for network access, and you are trying to authenticate an interactice login. You need to create a new access policy, using RADIUS, and choose the correct login type.
I am not using the default policy. I've created a new policy for device administration and Radius but each time I try to log into my switch I get this
11033 error message that basically tells me Radius is for network access not device administration.
...Hence my other post : is it possible to do RADIUS AAA for device admin with ACS 5.1?
So far I can't make it work and the report output is not verbose enough to tell the exact cause of this issue.
Please use TACACS for device admin and RADIUS for network access and make sure the config on the switch is pointing to the correct radius server host
radius-server host x.x.x.x auth-port 1812 acct-port 1813
Thats how I set-up my ACS5.1 and its working fine. I don't think you will be able to use RADIUS for device admin. Hope this helps
Thanks for your help.
I'm still trying to find a way to configure ACS with RADIUS for device management.
I've reinstalled ACS 5.0 from scratch on a VM (demo version) and it is now working fine.
Not sure about what exactly happened in the first place...
It's just a bit annoying that a fresh install or a server reboot are sometimes the only fix to a major issue.
I hope it is different with a real appliance.
I am also configuring ACS 5,3 for configuring some aaa clients switches to add as clinets for device management using radius.
can you give some hints to me ?
Could someone let me know how I can use same aaa client for using as 802.1x authentication server & also to work as a proxy radius for device administration ?
for 802.1x network access of user : ACS will work as authentication server
for Device management : ACS will work as proxy and send the request to ACS server.
I don't understand what you mean by "ACS will work as a proxy and send the request to an ACS server".
Why would you want to proxy a request, just to send it to itself?
Yeah, I also had this issue... It´s actually pretty easy to solve!
For ‘Administration of device via radIus’ you need to use Network Access service.
|Access Policies >||... >||Access Services >||Service Selection Rules|
Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.
Thats it, works as a charm