802.1x authentication plz help

shaila_rox
Level 1

hi guys, i was trying 802.1x authentication on 2950 switch, i had acs 3.3 configured properly, i was using win xp on the pc i need to be authenticated, all goes well and pc is prompted for username, password, domain name, i want to know wat i have to enter in the domain name ???? my pc wasn't connected to any domain as far as i remember but still any help plz ????

thanks in advance

20 Replies

ahmednaas
Level 4

did you try leaving it blank?

purohit_810
Level 5

Hi,

You have to say something more about problem such as what's problem?? such as .. authentication failure by server or what?? or if possible log.

If you are working on domain... you need to upgrade your ACS server's operating system to SERVER edition.

After that you need to authenticate with domain and when you are creating the database...into ACS server.... you have to point out WINNT DATABASE.

Please let me know... r u solving problem or not???

see i have installed ACS 3.3 on 1 machine running windows server 2003, i have client running windows xp, now on client in LAN properties under Authentication TAB i have selected MD-5 challenge, on ACS i defined a username and password, on 2950 i have also configured 802.1x authentication, now whenever the client pc connects to the port it is asked for authentication, i supplied username and password and leaving the domain name blank so the authentication failed !!! my client pc is not part of any domain so which domain name authentication is asking for ??? plz tell now

You need to run through the following checklist:

1. Have you set up "aaa authentication dot1x..." command to use your ACS?

2. Have you added your 2950 as an AAA client? If yes, make sure you have the correct shared secret on both ACS and the 2950.

3. Have you used the "aaa authorization network ..." command to use the RADIUS (ACS) server?

4. Check the failed authentication section in "Activity Reports" on your ACS to see the reason for your logon failure. If you see "Unknown NAS" error, you have not configured No.2 above correctly. If you see "login failed" and "invalid username or Password" then the username/password is not setup correctly.

If possible copy/paste your 2950's configuration.
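As an added example (not posted by anyone in this thread), the switch-side items of the checklist above can be checked mechanically against a saved running-config. The sample config, the address 192.0.2.10 and the function name are constructed for illustration; `dot1x system-auth-control` and `dot1x port-control auto` are not mentioned in the thread and are assumed here as the usual IOS commands that enable 802.1X globally and per port.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.10 is a placeholder.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
"""

# (finding reported when absent, pattern that must match a global config line)
GLOBAL_CHECKS = [
    ("aaa new-model missing", r"^aaa new-model$"),
    ("item 1: no 'aaa authentication dot1x' list using group radius",
     r"^aaa authentication dot1x \S+ .*\bgroup radius\b"),
    ("item 2: no radius-server host defined", r"^radius-server host \S+"),
    ("item 2: no RADIUS shared secret (key) configured",
     r"^radius-server (host \S+ .*\bkey|key) \S+"),
    ("item 3: no 'aaa authorization network' list using group radius",
     r"^aaa authorization network \S+ .*\bgroup radius\b"),
    ("dot1x system-auth-control missing", r"^dot1x system-auth-control$"),
]

def audit_dot1x(config: str) -> list[str]:
    """Return checklist findings for a switch config; an empty list means all present."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = [msg for msg, pat in GLOBAL_CHECKS
                if not any(re.search(pat, l) for l in lines)]
    # Collect interface names that have 'dot1x port-control auto' in their block.
    current, enabled = None, []
    for l in lines:
        if l.startswith("interface "):
            current = l.split(None, 1)[1]
        elif not l.startswith(" "):
            current = None  # left the interface block
        elif current and l.strip() == "dot1x port-control auto":
            enabled.append(current)
    if not enabled:
        findings.append("no interface has 'dot1x port-control auto'")
    return findings

if __name__ == "__main__":
    for finding in audit_dot1x(SAMPLE_CONFIG):
        print("MISSING:", finding)
```

The script only confirms that a key is present on the switch; whether it matches the secret entered for the AAA client on ACS (item 2) and what ACS logged for the failure (item 4) still have to be checked on the server.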

i already did all wat u have mentioned, actually wat i want to know is that on windows xp when i m prompted to enter the username and password it also asks 3rd thing the domain name !! i want to know where did this domain name come from ??? wat i have to enter in this field, plz remember my pc is on workgroup (its a lab environment) and not on any domain !! now plz tell me wat i have to enter in the domain name field ??

thanks in advance

Did you try keeping the domain blank?

Sorry, since you did the blank domain.

Read the attached document, i think it is helpful!

see, i m using MD5 challenge in the authentication tab !! i m sorry i didnt mention it before really sorry, can u plz tell me now wat to do ???

At the ACS, did u see failed or success attempts?

did u try to put domain name as ur windows 2003 server domain where ACS is installed..try to put domain name of the server where ACS is installed.

Ninja

In that case shaila... Create ACS server's own database.

In authentication box, select RADIUS.

So, it will not look up any domain at the time of authentication.

Regards,

Dharmesh Purohit

Hi Shaila,

Choose CISCO SECURE DATABASE.

To select CISCO SECURE DATABASE....... ACS SERVER WILL AUTHENTICATE LOCALLY..

It will not look up any domain or database.

Regards,

Dharmesh Purohit

hi, well this is wat i tried in the lab today, the pc running ACS was not on domain it was on workgroup, the client pc running windows xp was also running on workgroup, i selected md5 challenge in the auth tab, now i followed the bcmsn exam cert guide and i m quite sure that i configured everything correctly, i got the username/pass prompt still including logon domain !!, i tried all the combination --> leaving blank, entered the name of my own workgroup but nothing, authentication failed as usual, i ran debug on 2950 it said once that no server found !!! but after few tries i didnt get this msg anymore just couple other statements and authentication failed, wat is to note is the ip and mac address were successfully rec and processed but still the pc is not authenticated, wat i think is that something is wrong with the logon domain, i will be grateful if any of u can consult some mcse expert to resolve the issue n i also thanks a lot for ur guys feedback thank u very much but plz try to help me out

thanks again in advance to all tht r helping me out

Shaila,

Did you try to do... what I said?

There is nothing boss about domain of anything.

Unless You are specifying.

Do try once again.

in authentication Using BOX.

1) Need to specify WINDOWS NT DATABASE - It will use Domain database for authentication.

2) If you are specifying CISCO SECURE DATABASE - Mean it will authenticate local RADIUS SERVER database. In this case, it is regardless DOMAIN AUTHENTICATION.

3) If you would put up into domain OR any EXTERNAL DATABASE, you have to follow the following steps:

Please look into attached FILE.

Shaila what you are doing and where you are confident.... I don't know.

The ACS configuration is too simple and straight. In that nothing yaar.... believe.

Regards,

Dharmesh Purohit
