Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 5.4 authenticating 802.1x

Hi all,

Does anyone know why I am having troubles with Juniper SRX240 on ACS 5.4, its not behaving like the rest of my Cisco kit.

The good:

AAA   - ACS working OK for all switches/routers/firewall etc using TACACS+.

Dot1x -  phones, printer, and PC supplicants are all good using RADIUS on Cisco 3750s and 6509s.

Juniper - All devices working great with no Dot1x config. PCs hanging off 797x phones.  Phones all registered and UP on voice vlan.

The bad:

Juniper - Dot1x configured and ACS Monitoring and Reports tool shows GREEN entry and says all good!  But devices can't get a link.

Am I missing a custom attribute on ACS for the Juniper sessions?

I had to enter these two to get TACACS working properly for the Juniper box

- vsys          mandatory     root

- privilege     mandatory     root

Maybe I need something similar for RADIUS authorisations for supplicant devices too I don't know!

Also, do I need another Policy Element > Authorisation Profile on my ACS like the "cisco-av-pair device-traffic-class=voice", but an equivilent Juniper one to allow voice-vlan access?

Any help appreciated,


New Member

ACS 5.4 authenticating 802.1x

New Member

ACS 5.4 authenticating 802.1x


Yep I started there but had no luck and tried here.  BigResource is usually a great site I use it all the time, butI can't seemed to find any help on ACS authenticating dot1x supplicants, but Juniper SRX still denying access.

But thanks anyway for the suggestion Lenka.


CreatePlease to create content