IC4500 Host Enforcer configuration and authentica...

Ala_ · ‎08-08-2010

Dear All,

I've a new IC4500 appliance, and the solution I like to implement is L3 enforcement.

For the time being as I don't have Infranet enforcers (i.e Firewalls), I prefered to create a test roles and realms and the enforcer to be the "Host Enforcer". Configuration wize there isn't too much to do on the IC4500. I enabled the Host enforcer and applied access list and that stuff.

Now the client machine whn accessing UAC URL, the UAC downloads the Odyssey client, but unfortunately after that no authentications happen between the client and the UAC server. I get this error message all the time on the Odyssey client " Error: Authentication not complete".

I revised the events on the UAC admin page and the following message appears;

EAM24460 -------------------------------------------- No EAP protocol was agreed on

Kamran_ · ‎08-11-2010

Dear Ala

check whether protocols are same in OAC profile you configured on client machine and in IC-4500 Authentication protocol Set. There should be same protocols in both and try to be in same order if there are more than 1.

In IC-----> Authentication->Signing In-->Authentication Protocol Set

there can be EAP-TTLS / EAP-PEAP (atleast one outer protocol)

also for inner there should be EAP-JUAC + EAP-MS-CHAP-V2 in both PEAP or TTLS.

In OAC--->Configuration-->Profiles--->Authentication

There should be at least one outer protocol as in IC-4500 (EAP-TTLS / EAP-PEAP)

Then in TTLS Tab there should be EAP as inner protocol selected and add EAP-JUAC + EAP-MS-CHAP-V2 same can be in PEAP Tab.

***EAP-JUAC is must for Odyssey Access Client (with agent configuration)

Regards,

Kamran

IC4500 Host Enforcer configuration and authentication

IC4500 Host Enforcer configuration and authentication

Re: IC4500 Host Enforcer configuration and authentication