I have configured RADIUS for dot1x in an ACS 5.2. When I try to connect a user to a dot1x-enabled switch port, I get the following error in the RADIUS.
The switchport configuration is:

```
switchport access vlan 810
switchport mode access
authentication event fail action authorize vlan 132
authentication event no-response action authorize vlan 810
authentication port-control auto
dot1x pae authenticator
dot1x max-req 3
ip verify source port-security
```

Please help in correcting this in ACS 5.2
Can you please illustrate what kind of authentication you are trying to achieve in dot1x?
Is it MSCHAP (password based) or certificate based?
If it is password based, then the configuration on ACS looks OK, because the error says that ACS is configured for password based. Then we need to check the right EAP flavor on the client.
If it is certificate based, then we need to create a certificate profile which will be called in identity.
access policies == access service (name) == identity.
We first need to create the same under >>>>> user and identity stores == certificate authentication profile == specify what you want ACS to look at in the certificate (for example, cn, subject).
Look forward to hearing from you.
Tushar Gaba.
Users and Identity Stores > Identity Store Sequences > Edit: "CertBaseAuth"
That seems to be the issue, as I am not able to select any option under identity. Whenever I try to change any setting over there, e.g. select 'rule base result selection' and then try to edit the default rule, the below error comes:
Also, to let you know, the ACS here is an evaluation version.
Can it be related to it?
This is a known error.
Please log out of the ACS and log back in again.
Evaluated version should not be a problem.
Tushar Gaba.
When I click on the 'rule based result selection' below
and then try to create after clicking the checkbox beside the 'status'
The below popup appears:
What can be the issue?
The issue was with Firefox... not able to check the setting in it properly. Making the changes through IE. Will revert back with the status.
Please don't forget to rate Tushar's feedback on this matter. Also, mark this thread resolved so that it may help other community members facing similar issues.
**Do rate helpful posts**
Thanks Tushar! It's working flawlessly now. Able to authenticate user on certificate base.
Lesson learnt: Always use IE for Cisco ACS GUI.
Most welcome.
IE and Mozilla are the only documented browsers which support ACS.
The trick is the version of IE and Mozilla. You can find the supported browsers and their versions in the release notes.
I hope it was helpful. Please rate if the issue stands resolved, so that if any new person sees it, he/she can take it as a valuable solution.
Best regards,
Tushar Gaba.
Can you please also let me know how to resolve the issue of dot1x connectivity when a user has connected his laptop to a dot1x-enabled port and the laptop is yet to boot?