Cisco Support Community

New Member

CAR 4.1, External ODBC DB and eap-ttls, configuration

I'm trying to authenticate users against an external ORACLE database and to implement eap-ttls to validate users with a CAR 4.1 server, but I still can't get a successful request. So I decided to follow the steps in the Cisco documentation for implementing eap-ttls in CAR 4.1 with local users, and the result was the same: I still haven't had a successful request. So at this moment I have the doubt whether it is a problem in my configuration or whether CAR really does support eap-ttls, especially with external databases. Has anyone implemented something similar, or does anyone know of an example that shows whether this implementation is possible?

I would really appreciate any suggestion or guidance.

  • AAA Identity and NAC

Re: CAR 4.1, External ODBC DB and eap-ttls, configuration

You should check if you have defined a service that defines which method you use to look up user records, e.g. one of local, odbc, domain-auth, ldap, rex or java. For example, check if you already have a service called "local-file" to look up users in the local database. If you have recently upgraded CAR from a lower version then the problem may be due to licence issues and you should renew your licence.

New Member

Re: CAR 4.1, External ODBC DB and eap-ttls, configuration

Cisco Access Registrar supports EAP-TTLS with internal as well as external LDAP/ORACLE databases.

[In AR4.1, you might get a validation error when you try to configure an odbc or ldap service as the inner method. This is a validation issue with the AR CLI and can be worked around.]

You have mentioned that you could not get TTLS service up using local database as well.

Double check your configuration and make sure that you have updated licenses.

AR trace messages captured at level 5 should give a clue as to why authentication is failing.