Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

In the CiscoSecure ACS for Windows version 3.x, the CSUtil is not able to add other NAS vendors to the GENERIC EAP.dll

Core issue

This problem was first seen with CiscoSecure ACS for Windows version 3.2(1.20). This issue occurs due to the presence of Cisco bug ID CSCec26584.

CiscoSecure ACS for Windows currently supports EAP for only four RADIUS types (Internet Engineering Task Force [IETF], Cisco IOS /PIX Firewall, Cisco VPN 3000, and Cisco Aironet). The only way to add EAP support for other RADIUS types is through the registry.

When an imported RADIUS Vendor-specific Attribute (VSA) is used as the Network Access Server (NAS) type for 802.1x, EAP requests are rejected. The CiscoSecure ACS for Windows logs show that there is no association between X vendor and the GenericEAP.dll.

Resolution

As a workaround, verify that the IETF RADIUS NAS type is used. If so, everything works fine. If it is not used, create an association in the CiscoSecure ACS for Windows registry between the NAS vendor and the Generic EAP.dll, as such:

  1. Locate the NAS vendor number:

    HKEY_LOCAL_MACHINE\Cisco\CiscoAAAv3.2\NAS Vendors

  2. Add this number to this directory:

    HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.
    2\CSRadius\ExtensionPoints\002\AssociateWithVendors
451
Views
0
Helpful
0
Comments