Hi. I have just upgraded my 1200AP to IOS Version 12.2(11)JA1. I am using LEAP with MAC address auth in the ACS (version 3.0). I cannot get onto LAN though. Error on ACS failed auth report says 'User Access Filtered' even though the MAC of the card is in there. I can still authenticate with AP's that are still at old version though. A debug on IOS AP shows that the ACS is replying with a FAIL auth after LEAP negotiation and the ACS interestingly gives the failed MAC address as AAAA.BBBB.CCCC (note dots between) making me think that the AP is sending it in that format instead of AAAABBBBCCCC. I cannot add the MAC to the ACS in the dotted format as it is a 12 character string. Is this a format issue with the RADIUS passthru? Has anyone any idea why this is happening? Thanks for any help in advance.
Just thought I would let you know that I have got the cause of this. This happens if MAC authentication is enabled in the ACS. Once I turned that off it worked again. I think it is due to a format error in the data sent from ap to acs.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...