Reset Search
 

 

Article

NAC Rejecting RADIUS request is reason: RADIUS client not standards-compliant. Missing attributes: End-System MAC Address

« Go Back

Information

 
TitleNAC Rejecting RADIUS request is reason: RADIUS client not standards-compliant. Missing attributes: End-System MAC Address
Symptoms
  • NAC is rejecting the authentication requests. 
  • With RADIUS debug enabled the following reject and error message are seen: AAA Response [ID: 183335, Command: Reject User(0x23), Reason: RADIUS client not standards-compliant. Missing attributes: End-System MAC Address]
  • Trace of the RADIUS requests shows that no "Calling-Station-ID" attribute is included in the RADIUS access request.
Environment
NetSight Suite NAC
Non-Extreme switches
Cause
RADIUS authentication request from the 3rd party device does not contain the "Calling Station ID" attribute with the MAC address of the end system that is authenticating. 
Resolution
In order to correctly process, and associate an end system to an authentication request the NAC must receive a RADIUS authentication request from the switch that includes the "Calling-Station-ID" attribute that is the MAC address of the end system. Without this information the NAC cannot associate an end system to the authentication that is to be process and will reject the authentication request as non-standards compliant.

Configure the 3rd party device to include the "Calling-Station-ID" in the RADIUS request.
Additional notes
If the request is a management request then the "Calling-Station-ID" is not necessary, but the NAS-Port type attribute in the RADIUS access request needs to be set to "virtual"

 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255