Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Cisco RADIUS Cannot select appropriate authentication method

This thread has been viewed 11 times

  • 1.  Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 09:03 AM

    I setup Cisco switch (3560 12.2) to authenticate with Clearpass and seeing 'Authentication failure' and  'RADIUS Cannot select appropriate authentication method' in Access Tracker. I am using service 'MSCHAPV2-wired' with MSCHAP auth , tried to add few more , didn't help.. appreciate advice 

     

    Cisco-C3560#test aaa group netlab netlab1 n3w@y!n new-code
    User rejected

    Cisco-C3560#sh ver | i Version
    Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)

     

     



  • 2.  RE: Cisco RADIUS Cannot select appropriate authentication method

    EMPLOYEE
    Posted Feb 18, 2015 09:12 AM
    Do you have MSCHAP as the authentication method in your service? 


    Thanks, 
    Tim


  • 3.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 09:20 AM

    Yes MSCHAP is my first Authentication Method



  • 4.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 09:36 AM

    Can you please share the switch config ?

     



  • 5.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 09:41 AM

    Sure, this is aaaa part of cisco switch config:

    aaa new-model
    aaa group server radius netlab
    server-private 10.95.2.201 auth-port 1812 acct-port 1813 key 7 xxx

    dot1x system-auth-control
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req

    aaa authentication dot1x default group netlab

     



  • 6.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 12:03 PM

    How's your interface configured ?

     

    Have you been able to authenticate successfully using 802.1X against AD with your wireless setup ?

     



  • 7.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 12:07 PM

    so fa I've tested  wired only from cisco switch using 'test' command

    #test aaa group netlab netlab1 password new-code 

    User rejected

     



  • 8.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 12:17 PM

    Are you using AD as an authentication source?



  • 9.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 12:20 PM

    no AD, just local Claerpass user



  • 10.  RE: Cisco RADIUS Cannot select appropriate authentication method

    EMPLOYEE
    Posted Feb 18, 2015 12:57 PM
    @niuk wrote:

    so fa I've tested  wired only from cisco switch using 'test' command

    #test aaa group netlab netlab1 password new-code 

    User rejected

     

     

    Niuk,

     

    Please try the ASE solution here:  https://ase.arubanetworks.com/solutions/id/93

     



  • 11.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 09:38 AM

    Hi 

     

    We have found that the most stable version of 12.2 IOS code is 12.2(55)SE9. We've found issues in many others...

     

    Regards

     

    Chris



  • 12.  RE: Cisco RADIUS Cannot select appropriate authentication method

    Posted Feb 18, 2015 10:42 AM

    I tried on C3560C Version 15.2(2)E1, same thing Clearpass Access Tracker says 'Cannot select appropriate authentication method'