Hi; First of all, I would like to thank you for your replies. anyway, I used another laptop as client and again did not managed to authenticate it. I'm using Cisco 3560 switch as Authenticator. from debugs (dot1x and radius debugs) I tracked that switch did well as authenticator and because of "Access Reject" message received by IMC UAM, it blocks user access. I don't know which parameter is different on both sides that causes this. this is what I got on switch:
RADIUS: Received from id 1645/3 10.1.1.6:1645, Access-Reject, len 83
RADIUS: authenticator 9E 5A 0F D2 72 BB 6A 91 - DF F4 29 31 08 74 86 D0
RADIUS: EAP-Message [79] 7
RADIUS: 00 03 00 05 23 [ #]
RADIUS: Reply-Message [18] 38
RADIUS: 45 36 33 30 35 33 3A 20 49 6E 76 61 6C 69 64 20 [E63053: Invalid ]
RADIUS: 61 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 74 [authentication t]
RADIUS: 79 70 65 2E [ ype.]
RADIUS: Message-Authenticato[80] 18
RADIUS: 6C 77 14 A5 1C A5 17 BB A2 80 97 AA C7 88 E4 BE [ lw]
RADIUS(00000002): Received from id 1645/3
so would you mind please, comparing the settings on my Access Policy in IMC with your own working Access Policy. I will appreciated.
-------------------------------------------------------
Basic Information:
Access Policy Name: Policy01
Service Group: Ungrouped
Description: -
Authorization Information:
Access Period: No Limit Allocate IP: No
Downstream Rate(Kbps): - Upstream Rate(Kbps): -
Priority: -
RSA Authentication: -
Certificate Authentication: EAP
Certificate Type: EAP-PEAP AuthN Certificate Sub-Type: MS-CHAPV2 AuthN
Deploy VLAN: -
Deploy User Profile: -
Deploy User Group: -
Deploy ACL: -
and nothing selected in the "Authentication Binding Information" and "User Client Configuration" sections.
------------------------------------------------------------------------------------------------------------------
settings of Client NIC:
on Authentication tab:
Enable IEEE 802.1x Authentication (checked)
Microsoft: Protected EAP (PEAP)
Remember My Credentials For This Connection Each Time (Checked)
Fallback to Unauthorized Network Access (Checked)
after clicking on the Settings button "Protected EAP Properties" page appeares, I cleared every checkbox on this page. after clicking the "Configure" button on the "Protected EAP Properties" page a page appears and I unchecked the "Automatically Use My Windows Logon..." option too.
and again on the Authentication tab on NIC Properties on Client computer, after clicking on "Additional Settings" a page appears and on that page, I checked the "Specify Authentication Mode" and selected "User Authentication" option. no other checkbox are selected on this page.
and this is switch's config, in the case you want futher info:
------------------------------------------------------
Switch(config)#do sh run | inc aaa|username|authentication|dot1x|radius
username cisco privilege 15 password 0 cisco
aaa new-model
aaa authentication login default group radius local
aaa authentication dot1x default group radius local
aaa authorization network default group radius local
aaa session-id common
dot1x system-auth-control
!
interface g0/10
switchport mode access
authentication port-control auto
dot1x pae authenticator
radius-server host 10.1.1.6 auth-port 1645 acct-port 1646 key cisco
-------------------------------------------------------
thank you for your time.