I have an appliance ACS v4.1 and I use 802.1X PEAP authentication.
Everything works fine for PCs that are 802.1X compliant, with an external Active Directory database.
But when you want to authenticate a non-802.1X device such as a printer, the ACS logs an "Internal Error" in the Authentication failure code on the Failed report.
I have created an object in AD that has the username = @MAC and password = @MAC.
Can you tell me if you have a solution to this problem?
Thanks for your help
I'm not sure if you have configured MAB. To achieve it we need to set up MAB.
I have looked at this configuration, but in "Network Access Profile" you can only configure a type of MAC authentication bypass with the ACS Internal Database or an LDAP Server, but not with an Active Directory database?
When I configure this with the Internal Database it works fine and the message "Internal Error" doesn't appear.
But I have seen in a meeting that this can be done with an Active Directory database.
If you have other solutions
I haven't done that, might not be possible either. But you can start with how exactly the unknown device is being discovered.
If you have ACS for Windows, turn it on to full logging from System Configuration > Service Control > Level of Detail > Full > Restart.
And when the authentication fails with the Internal Error code, take the time stamp when it failed, and search how exactly the device was searched in the Auth.log file. It's a simple readable text file, found from,
It will give you a pretty good idea.
Do share the result!
I have an ACS appliance and the log doesn't show anything other than:
05/25/2007 17:00:51 Authen failed 000d6013d891 Printers 00-0D-60-13-D8-91 (Default) Internal error .. .. 50019 10.253.104.94 .. .. .. .. .. gvanet01 ..
I can't get a more precise log, I think.
I have opened a call with Cisco and I am waiting for a response.
This is how you can get logs from acs appliance,
Make sure login is full,
System Configuration --> Support --> Run Support Now.
After a min it will ask you to save a file "Package.cab". This file contains all of the log information from ACS.
First, ACS should not log "Internal Error" in Authentication failure code on the Failed report.
It should also work by creating an object on AD if you like for the username = @MAC and password = @MAC.
This documentation reference is incorrect to achieve such an operation:
You're running into CSCsh62641. This has been fixed and you need ACS 4.1(3). See the release notes here:
The summary is, it allows you to only look at the CLID field (Re: the way "MAB" is documented above) OR to be able to just define a MAC as a "user account" somewhere like in Active Directory.
Hope this helps,
The problem was solved when I upgraded ACS to 220.127.116.11.
And now I have no error message and MAC Authentication Bypass works fine with Active Directory.
Thanks for your help