Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Is it possible to strip suffix on wireless client running PEAP (MS-CHAPv2). ACS version 5.3 (patch 5) - 5-3-0-40-5

Look like ACS 5.1 does not support this - see below link

https://supportforums.cisco.com/message/3272291#3272291

Thanks,

C

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

You did have it in your blog George:)

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html

-Scott
*** Please rate helpful posts ***
12 REPLIES

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Hi Colmgrier,

When I get home I can post the step by step, but yes you can strip a prefix or suffix with acs 5.x. It does require some hokey pokey config, :).

You need to proxy the request after it being stripped.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

You did have it in your blog George:)

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html

-Scott
*** Please rate helpful posts ***

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Thanks Scott ! I forgot I posted that one ..

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

haha.... thats too funny:)

-Scott
*** Please rate helpful posts ***
New Member

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Thanks for the below solution.

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html

I have tested this and it is only working with wired radius client using PAP??

Wireless clients still failing using PEAP (MS-CHAPv2).

I will open a TAC case on Monday am.

Re: ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Ok report back.. Curious to see what your issue is ...

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

ACS 5.3 - does not support PEAP (MS-CHAPv2). - confirmed by TAC.

ACS 4x has a 'special feature' (hack) to allow this.

George Stefanick wrote:

Ok report back.. Curious to see what your issue is ...

Sent from Cisco Technical Support iPhone App

Re: ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

I agree won't work out of the box. You need to set up a proxy like in my blog post.

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Does not work using proxy - TAC explored all options.

Re: ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

I find that hard to believe .. I have it working on my network.

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

Are you using the NAM supplicant or the native supplicant? Also why are you wanting to strip the suffix is this for a multidomain environment?

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 - Suffix Stripping via PEAP (MS-Chapv2)

I followed the setup, and this does not appear to work when using PEAP MSCHAPv2 in ACS 5.3 and AD as the external identity store. Can somone please confirm if this is supposed to work with PEAP MSCHAP v2? Conflicting reports...

955
Views
0
Helpful
12
Replies
CreatePlease login to create content