Security

Reply
Contributor I
Posts: 25
Registered: ‎01-23-2015

Cisco RADIUS Cannot select appropriate authentication method

I setup Cisco switch (3560 12.2) to authenticate with Clearpass and seeing 'Authentication failure' and  'RADIUS Cannot select appropriate authentication method' in Access Tracker. I am using service 'MSCHAPV2-wired' with MSCHAP auth , tried to add few more , didn't help.. appreciate advice 

 

Cisco-C3560#test aaa group netlab netlab1 n3w@y!n new-code
User rejected

Cisco-C3560#sh ver | i Version
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)

 

 

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: Cisco RADIUS Cannot select appropriate authentication method

Do you have MSCHAP as the authentication method in your service? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: Cisco RADIUS Cannot select appropriate authentication method

Yes MSCHAP is my first Authentication Method

MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Cisco RADIUS Cannot select appropriate authentication method

Can you please share the switch config ?

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 41
Registered: ‎05-15-2014

Re: Cisco RADIUS Cannot select appropriate authentication method

Hi 

 

We have found that the most stable version of 12.2 IOS code is 12.2(55)SE9. We've found issues in many others...

 

Regards

 

Chris

Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: Cisco RADIUS Cannot select appropriate authentication method

Sure, this is aaaa part of cisco switch config:

aaa new-model
aaa group server radius netlab
server-private 10.95.2.201 auth-port 1812 acct-port 1813 key 7 xxx

dot1x system-auth-control
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req

aaa authentication dot1x default group netlab

 

Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: Cisco RADIUS Cannot select appropriate authentication method

I tried on C3560C Version 15.2(2)E1, same thing Clearpass Access Tracker says 'Cannot select appropriate authentication method'

MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Cisco RADIUS Cannot select appropriate authentication method

How's your interface configured ?

 

Have you been able to authenticate successfully using 802.1X against AD with your wireless setup ?

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: Cisco RADIUS Cannot select appropriate authentication method

so fa I've tested  wired only from cisco switch using 'test' command

#test aaa group netlab netlab1 password new-code 

User rejected

 

MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Cisco RADIUS Cannot select appropriate authentication method

Are you using AD as an authentication source?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: