Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1275
Views
0
Helpful
1
Replies

ESW 520 802.1x MAB authentication problem

ngtransge
Level 1
Level 1

‎07-28-2012 12:11 PM - edited ‎03-10-2019 07:21 PM

Hello,

I am having problem with 802.1x MAB authentication on ESW 520 switch, the authentication server is ACS 5.3.

The Authentication method on ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When i plug ip phone it never authenticate the phone, and on ACS I get following error message:

Radius authentication failed for USER: aa1effbb8fd4  MAC: aa-1E-FF-bb-8F-D4  AUTHTYPE:  Radius authentication failed

!

RADIUS Status:Authentication failed    : 11509 Access Service does not allow any EAP protocols

------

15004  Matched rule

15012  Selected Access Service - MAB

11507  Extracted EAP-Response/Identity

11509  Access Service does not allow any EAP protocols

11504  Prepared EAP-Failure

11003  Returned RADIUS Access-Reject

For that Access Service I have configured only Host Lookup.

The same ACS configuration is working perfectly on Catalyst 3560G switche.

It seems that ESW switch is not telling ACS that authentication is going to be by MAC address.

Do you have any idea what can be the problem.

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎07-28-2012 02:07 PM

Are you hitting the same selection rule? Also is "mab eap" configured globally on the switch, or on the port itself?

Also can you post the port configuration and the show ver of the ESW?

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Customers Also Viewed These Support Documents