PEAP authentication on ACS 5.3 for aruba wireless users

Dears

 

sorry if my question is far from CCIE scope. but in real production, i have one aruba controller and ACS 5.3. the requirement is to have wireless users authenticated from ACS using PEAP MSCHAPv2.. i configured internal user and apply access service policy with Permit access authorization profile.. but it is not working and showed me this error "11019 Selected Service DenyAccess". please help

Comments








  • Hello,

    Post the details of the deny access result.



    Best Regards,

    Moustafa Houssami



    Sent from my Windows Phone.





    From:
    wailess

    Sent:
    ?2014-?06-?02 7:29 PM

    To:
    Moustafa Houssami

    Subject:
    [CCIE Sec] PEAP authentication on ACS 5.3 for aruba wireless users




    Dears

     

    sorry if my question is far from CCIE scope. but in real production, i have one aruba controller and ACS 5.3. the requirement is to have wireless users authenticated from ACS using PEAP MSCHAPv2.. i configured internal user and apply access service policy
    with Permit access authorization profile.. but it is not working and showed me this error "11019 Selected Service DenyAccess". please help








    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx








    CONFIDENTIALITY NOTICE: This transmission contains confidential information. The information is intended only for the use of the recipient named above. If you have received this e-mail in error, please immediately notify us by telephone to arrange for return
    of the confidential information to us. You are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited.



    Save a tree... please don't print this e-mail unless you really need to.




  • Authentications


    Most Recent Authentication




    0 Passed Authentication(s)


    27 Failed Authentication(s)


    27 Total


    Sessions

    Active Sessions







    Time:


    June 2,2014 3:48:23.120 AM

    RADIUS Status:


    11019 Selected DenyAccess Service
    :
    Authentication failed

    NAS Failure:




    MAC/IP Address:


    0.0.0.0


    Network Device:


    DEVICES
    :
    172.29.253.10
    :
     

    Access Service:


    DenyAccess

    Authorization Profiles:


     


    CTS Security Group:


     


    Authentication Method:


  • Hi,

    Clearly your ACS is not configured correctly. Make sure the access-service points to the internal user database and verify what conditions you used for the authorization policy.

    Regards,

    Cristian.

Sign In or Register to comment.