Cisco Support Community

ESW 520 802.1x MAB authentication problem


I am having a problem with 802.1x MAB authentication on an ESW 520 switch; the authentication server is ACS 5.3.

The Authentication method on the ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When I plug in an IP phone, it never authenticates the phone, and on ACS I get the following error message:

Radius authentication failed for USER: aa1effbb8fd4  MAC: aa-1E-FF-bb-8F-D4  AUTHTYPE:  Radius authentication failed


RADIUS Status:Authentication failed    : 11509 Access Service does not allow any EAP protocols


15004  Matched rule

15012  Selected Access Service - MAB

11507  Extracted EAP-Response/Identity

11509  Access Service does not allow any EAP protocols

11504  Prepared EAP-Failure

11003  Returned RADIUS Access-Reject

For that Access Service I have configured only Host Lookup.

The same ACS configuration is working perfectly on a Catalyst 3560G switch.

It seems that the ESW switch is not telling ACS that authentication is going to be by MAC address.

Do you have any idea what the problem can be?


ESW 520 802.1x MAB authentication problem

Are you hitting the same selection rule? Also is "mab eap" configured globally on the switch, or on the port itself?

Also can you post the port configuration and the show ver of the ESW?


Tarik Admani
*Please rate helpful posts*
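One way to see which form of MAB a switch is sending is to inspect the Access-Request itself. The following is an added example, not part of the thread and not Cisco code: it parses a raw RADIUS packet and reports whether the request carries EAP (the case the log above rejects with 11509) or arrives as a Call-Check host lookup. The packets are constructed samples using the MAC from the post, and treating Service-Type Call-Check without an EAP-Message as host lookup is an assumption about how the server tells the two apart.

```python
import struct

USER_NAME, USER_PASSWORD, SERVICE_TYPE, EAP_MESSAGE = 1, 2, 6, 79  # RFC 2865/3579
CALL_CHECK = 10  # Service-Type value used for non-EAP MAB (host lookup)

def parse_attrs(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} from a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # skip code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def classify(packet: bytes) -> str:
    """Label an Access-Request as EAP-based or host-lookup MAB."""
    attrs = parse_attrs(packet)
    if EAP_MESSAGE in attrs:
        eap = b"".join(attrs[EAP_MESSAGE])
        # EAP header: code (2 = Response), id, length, type (1 = Identity)
        if len(eap) >= 5 and eap[0] == 2 and eap[4] == 1:
            return "eap-response-identity"  # needs an EAP protocol enabled
        return "eap-other"
    stype = attrs.get(SERVICE_TYPE, [b""])[0]
    if len(stype) == 4 and struct.unpack("!I", stype)[0] == CALL_CHECK:
        return "host-lookup"  # Call-Check, no EAP
    return "pap" if USER_PASSWORD in attrs else "unknown"

def build_request(attrs) -> bytes:
    """Build a constructed Access-Request (zeroed authenticator) for testing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

MAC = b"aa1effbb8fd4"  # user name from the ACS log in the post
# Constructed samples: MAB carried in EAP vs. MAB sent as Call-Check.
EAP_MAB = build_request([(USER_NAME, MAC), (EAP_MESSAGE,
    struct.pack("!BBHB", 2, 1, 5 + len(MAC), 1) + MAC)])
CALL_CHECK_MAB = build_request([(USER_NAME, MAC), (USER_PASSWORD, bytes(16)),
    (SERVICE_TYPE, struct.pack("!I", CALL_CHECK))])
```

Feeding the UDP payload of a captured Access-Request to `classify` shows which form the ESW is actually sending.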
