Can dot1x authentication be relayed by ACSv4.2 to another RADIUS server?

Dear all,
I'm doing dot1x authentication with ACSv4.2; my goal is for the dot1x authentication request (EAP-MD5) to be relayed to another RADIUS server by ACSv4.2.
I configured the ACS to use an External Database with a RADIUS Token Server, but it did not work. With the same configuration, login authentication is relayed correctly.
Can dot1x authentication be relayed by ACSv4.2 to another RADIUS server?
Jerry

I think it is possible because the Extensible Authentication Protocol (EAP) provides the ability to deploy RADIUS into Ethernet network environments. The 802.1x standard, also known as EAP over LAN (EAPoL), concerns the part of the wider EAP standard that relates to broadcast media networks. Upon connection, EAPoL provides a communications channel between an end user on a client LAN device and the AAA server through the LAN switch. The functionality is similar to what Point-to-Point Protocol (PPP) servers on point-to-point links provide.
Hope the following URL helps you:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/deploy.html
The following URL explains the enhanced login features in ACS 4.2:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/new_feats.html#wp1011240
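
Added example, not part of the original thread: the two credential formats in the question differ in what a relaying RADIUS server actually receives. A PAP-style login arrives as a User-Password attribute (RFC 2865) that the server can turn back into cleartext and hand to another server, while EAP-MD5 (RFC 1994 / RFC 3748) delivers only a digest over a challenge, which can be checked only by a server that holds the password or by proxying the EAP-Message attributes unchanged. The secret, password and challenge values below are constructed.

```python
import hashlib
import hmac

def _pad16(password: bytes) -> bytes:
    # RFC 2865: pad with NULs to a multiple of 16 octets (minimum 16).
    size = max(16, (len(password) + 15) // 16 * 16)
    return password.ljust(size, b"\x00")

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as done by the NAS."""
    out, prev = b"", authenticator
    padded = _pad16(password)
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does: undo the hiding and get the cleartext."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 / RFC 3748 MD5-Challenge value: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def verify_eap_md5(identifier, challenge, response, stored_password) -> bool:
    # Only a server that already holds the password can do this comparison.
    expected = eap_md5_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    secret, auth = b"constructed-shared-secret", bytes(range(16))  # constructed
    hidden = pap_hide(b"constructed-pw", secret, auth)
    print("PAP: relay can forward", pap_recover(hidden, secret, auth))
    challenge = bytes(16)                                          # constructed
    resp = eap_md5_response(1, b"constructed-pw", challenge)
    print("EAP-MD5: relay sees only", resp.hex())
    print("verifies with stored password:",
          verify_eap_md5(1, challenge, resp, b"constructed-pw"))
```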

Similar Messages

  • 802.1x authentication with dynamic VLAN assignment by a RADIUS server

    Hi
    At school I want to start using 802.1x authentication with dynamic VLAN assignment by a Windows Server 2012R2 RADIUS server.
    When a student logs in, I want it to be placed in the "Students" VLAN; when an administrative employee logs in, I want it to be placed in the "Administrative" VLAN; and when the client is unknown, I want to place it in the "Guest" VLAN.
    I have several SG200 switches and I configured everything as mentioned in the administrative guide but I cannot get it to work as desired.
    What does work:
    - If the client is permitted, the switch changes to "authorized" state. (before anyone logs on to the domain with that client)
    - When a User logs on that is part of the Administrative employees, the switch changes to "authorized" and when a student logs on, it changes to "unauthorized". 
    So far so good.
    But what doesn't work:
    - it does not put the administrative employee in the Vlan "Administrative", it just enables the port on the switch but leaves it in the default vlan 1.
    - I can not find the Guest VLAN.
    Any help would be appreciated.

    Hi Wouter,
    Can you see the VLAN attribute in the RADIUS accept message in the packet capture? Also, please ensure you have the latest firmware and boot code:
    http://www.cisco.com/c/en/us/support/switches/sg200-26-26-port-gigabit-smart-switch/model.html#~rdtab1
    I would recommend that you open a ticket with the Small Business team so they can go through the packet capture and configuration steps with you:
    http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
    Regards,
    Aleksandra 

  • How can I consume a transaction which is on another SAP server or client?

    Hi.
    I work on SAP Collateral Management (SAP CMS), in the transaction cms_wb, which is used to create collateral objects. Some collateral objects need to reference document numbers. If these documents don't exist, they need to be created in SAP FI (SAP FI is on another server).
    In the transaction (cms_wb) I create the document if it doesn't exist. I only click an icon, and then this icon opens the SAP FI transaction.
    This configuration was done by an SAP Basis consultant.
    Do you have any idea how to do this in an ABAP program?

    Debug the button click and you'll see how it works... it all comes down to ABAP code no matter who implements it .

  • Can't authenticate Mac VPN client from RADIUS server

    Hello,
    I'm a real noob here so please bear with me.
    I have been able to configure my PIX 515E to allow VPN connections onto my network, but what I need to do is set up some sort of user authentication to control access at a user level. From what I've read here and in the Configuration Guide I should be able to do this authentication with a RADIUS server. I'm running a Corriente Networks Elektron Security server which has RADIUS server capabilities. It is running on my (inside) interface at IP 192.168.10.26.
    I thought that I had everything configured properly but it never seems to authenticate. I connect, the XAUTH window pops up, I add my username and password as it's configured on my RADIUS server, but when I click OK it just cycles the progress bar at the bottom and eventually times out. The client log doesn't show me anything and the log on the RADIUS server shows me nothing. Any ideas? This seems like it should be simple because I can connect until I attempt to authenticate to the RADIUS server.
    TIA for any direction you can provide me.
    Christine

    If it helps, here is my config with some of the unrelated bits deleted:
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security50
    enable password ********* encrypted
    passwd ******* encrypted
    hostname pixfirewall
    domain-name acme.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol http 82
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    access-list inside_outbound_nat0_acl permit ip any 192.168.10.0 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip host 192.168.10.26 192.168.10.192 255.255.255.224
    access-list inside_outbound_nat0_acl permit ip host 192.168.10.69 192.168.10.192 255.255.255.224
    access-list outside_cryptomap_dyn_20 permit ip any 192.168.10.0 255.255.255.0
    access-list outside_cryptomap_dyn_40 permit ip any 192.168.10.192 255.255.255.224
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside 207.XXX.XXX.130 255.255.255.0
    ip address inside 192.168.10.1 255.255.255.0
    ip address DMZ 192.168.100.1 255.255.255.0
    multicast interface inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool CBI_VPN_Pool 192.168.10.201-192.168.10.220
    pdm location 192.168.10.50 255.255.255.255 inside
    pdm group CBI_Servers inside
    pdm logging warnings 100
    pdm history enable
    arp timeout 14400
    global (outside) 200 interface
    global (DMZ) 200 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 200 192.168.10.0 255.255.255.0 0 0
    static (inside,outside) 207.XXX.XXX.150 192.168.10.27 netmask 255.255.255.255 0 0
    static (inside,outside) 207.XXX.XXX.132 192.168.10.26 dns netmask 255.255.255.255 0 0
    access-group 100 in interface outside
    route outside 0.0.0.0 0.0.0.0 207.XXX.XXX.129 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server radius-authport 1812
    aaa-server radius-acctport 1812
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host 192.168.10.26 ************* timeout 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.10.3 255.255.255.255 inside
    no floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
    crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication RADIUS
    crypto map outside_map interface outside
    crypto map inside_map interface inside
    isakmp enable outside
    isakmp nat-traversal 3600
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup Test_VPN address-pool CBI_VPN_Pool
    vpngroup Test_VPN dns-server 142.77.2.101 142.77.2.36
    vpngroup Test_VPN default-domain acme.com
    vpngroup Test_VPN idle-time 1800
    vpngroup Test_VPN authentication-server RADIUS
    vpngroup Test_VPN user-authentication
    vpngroup Test_VPN user-idle-timeout 1200
    vpngroup Test_VPN password ********
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.10.100-192.168.10.254 inside
    dhcpd dns 142.77.2.101 142.77.2.36
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside

  • How can i move music from one account to another

    I have 4 different accounts in iTunes and I wish to move all the music into one account
    help please !!!!

    You can't transfer content from one account to another account, nor can you merge accounts - content will remain tied to the account that downloaded it

  • How can I transfer work from one computer to another?

    How can I transfer work from one computer to another?

    Welcome to the forum.
    I can think of three basic ways to accomplish what you wish to do:
    Use the Project Archiver to archive your Project (and check the box to gather the media files), to an external HDD. Probably the easiest way to do it.
    Copy the Project and ALL media files to an external HDD, but be prepared to relink the media files to the Project, as the drive letter (part of the Absolute Path) will have changed.
    Edit loosely, and Share to an AV file, which will be Imported into a New Project on that second computer. Or, edit VERY tightly, and do the same. I like the first, as removing, replacing Transitions, etc., can be much more difficult, unless that "tight edit" is 100% done.
    Good luck,
    Hunt
    Message was edited by: Bill Hunt to correct formatting

  • How can I transfer information from one ipad to another?

    how can I transfer information from one ipad to another ?

    What kind of information? You can sync things like Contacts and Calendars by using iCloud. You can backup one iPad to iTunes on a computer and then sync the backup to the other iPad. You can configure your iTunes content and sync the same content to both iPads.
    It is based on what you want to do. Or are you looking for a way to send files from one iPad to another wirelessly? There are apps to do things like that, as well as cloud services, such as DropBox.

  • How can I migrate everything from one account to another on same computer?

    How can I migrate everything from one account to another on same computer?

    Transferring files from one User Account to another

  • Can I move applications from one user to another on the same computer?

    If I have two users on one mac, can I move applications from one user to another on the same computer?
    Thanks

    By default, apps are installed for all the users in /Applications

  • Can i move money from one account to another?

    Can i move money from one account to another?

    Basically, no; only the iTunes Store staff can do this, and then only by putting the balance from a completely unspent gift card back onto the card.

  • Can i transfer music from one ipod to another?

    Can i transfer music from one ipod to another?

    No. You can only do it via iTunes or by:
    Downloading past purchases from the App Store, iBookstore, and iTunes Store

  • Can i transfer everything from one ipad to another so both have exactly the same things

    Can i transfer everything from one ipad to another so both have exactly the same things?

    Yes. Copy your apps and other iTunes purchases/downloads to your computer's iTunes via File > Transfer Purchases (File > Devices > Transfer Purchases if you have iTunes 11 on your computer), then backup up the first iPad and restore that backup onto the second iPad.
    Backups and restores : http://support.apple.com/kb/HT4079
    Things that aren't included in a backup include the contents of the Music and Videos apps (but they should be on your computer's iTunes) and photos that were synced from a computer. Also you will need to enter your passwords (email, wifi, website) on the second iPad - they won't be restored onto a different device, only back onto the device that the backup came from.

  • Can I transfer pictures from one iPad to another without going over iTunes?

    Can I transfer pictures from one iPad to another without going over iTunes?

    Yes, use 3rd party apps like Photo Transfer App.
    http://i1224.photobucket.com/albums/ee374/Diavonex/Album%205/69507ce7f854c405f54 77bea99f4d498.jpg
    http://i1224.photobucket.com/albums/ee374/Diavonex/Album%205/79b3173fda7b6a6e148 5b463198f6acf.jpg

  • Can I transfer info from one macbook to another by using a firewire cable?

    Can I transfer info from one mac to another by using a firewire cable?

    You can boot the computer that you would like to get the file from into target disk mode.
    This document will help you.
    http://docs.info.apple.com/article.html?path=Mac/10.6/en/8443.html

  • HT201209 Can I transfer money from one account to another?

    Can I transfer money from one account to another?

    No; if the balance includes a completely unspent gift card, the iTunes Store staff can put that money back onto it.
