Unable to use Radius Authentication for Wireless
in [Cisco]
|
Prev: world2015.org
Next: Autonomous Cisco 1142n CLI setup
From: Elia S. on 12 Feb 2010 12:46 Hello I have this scenario: C877 52F/256D with 15.0M1 ADVIPSERVICES I have enabled on it the local radius server with these configuration: radius-server local nas 192.168.1.243 key 7 0010161510 (test) user elia password 0 elia ! radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 192.168.1.254 is the IP of the C877 192.168.1.243 is the ip of the AP --------------- I have one Access Point 1121G-E-K9 with this current config: Cisco IOS Software, C1100 Software (C1100-K9W7-M), Version 12.3(8)JED, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Fri 18-Sep-09 10:28 by tinhuang ! version 12.3 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service internal service sequence-numbers ! hostname ap ! no logging console enable secret 5 $1$iELC$zp6EkUHMBPODgTs7wBoSf1 ! clock timezone CET 1 ip subnet-zero no ip source-route no ip gratuitous-arps ip tcp selective-ack ip tcp synwait-time 10 ip domain name spadhausen.local ip name-server 212.97.32.2 ip name-server 212.97.32.7 ! ! ip ssh time-out 90 ip ssh version 2 aaa new-model ! ! aaa group server radius rad_eap server 192.168.1.254 auth-port 1645 acct-port 1646 ! aaa group server radius rad_mac ! aaa group server radius rad_acct server 192.168.1.254 auth-port 1645 acct-port 1646 ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa session-id common dot11 syslog ! dot11 ssid tsunami2 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa guest-mode ! ! ! username Cisco password 7 047802150C2E ! bridge irb ! ! interface Dot11Radio0 no ip address no ip unreachables no ip proxy-arp no ip route-cache ! encryption mode ciphers aes-ccm tkip ! broadcast-key change 3600 membership-termination capability-change ! ! ssid tsunami2 ! speed basic-1.0 basic-2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 no power client local power client 1 power local cck 1 power local ofdm 1 station-role root access-point fallback shutdown payload-encapsulation dot1h world-mode dot11d country-code IT indoor bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip unreachables no ip proxy-arp no ip route-cache duplex auto speed auto no cdp enable bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 192.168.1.243 255.255.255.0 no ip route-cache ! ip default-gateway 192.168.1.254 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! snmp-server community public RO radius-server attribute 32 include-in-access-req format %h radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key 0 test radius-server key 0 test radius-server vsa send accounting bridge 1 route ip ! ! ! line con 0 line vty 0 4 ! sntp server 193.204.114.105 sntp server 192.43.244.18 sntp broadcast client end (please note that in the original config I have radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key 7 0835495D1D radius-server key 7 044F0E151B even inf the password are entered using 0 test to set password to "test". why they have two different hashes?? ) I am unable to login to the wi fi network On the AP I have this logs: 000827: Feb 12 18:44:54.961 CET: AAA/BIND(0000002E): Bind i/f 000828: Feb 12 18:44:54.961 CET: AAA/ACCT/HC(0000002E): Register DOT11/00C7B154 0bit/s, assuming 100Mbit/s, poll every 5m 0s 000829: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): Update DOT11/00C7B154 000830: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 000831: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 000832: Feb 12 18:44:54.962 CET: AAA/ACCT/EVENT/(0000002E): CALL START 000833: Feb 12 18:44:54.962 CET: Getting session id for NET(0000002E) : db=BE30CC 000834: Feb 12 18:44:54.962 CET: AAA/ACCT(00000000): add node, session 44 000835: Feb 12 18:44:54.962 CET: AAA/ACCT/NET(0000002E): add, count 1 000836: Feb 12 18:44:57.127 CET: AAA/AUTHEN/PPP (0000002E): Pick method list 'eap_methods' 000837: Feb 12 18:44:57.128 CET: Getting session id for NET(0000002E) : db=BE30CC 000838: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): Update DOT11/00C7B154 000839: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 [pre-sess] (rx/tx) base 0/0 pre 219/310 call 219/310 000840: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 [pre-sess] (rx/tx) adjusted, pre 219/310 call 0/0 000841: Feb 12 18:45:05.124 CET: AAA/ACCT/HC(0000002E): Deregister DOT11/00C7B154 000842: Feb 12 18:45:05.124 CET: AAA/ACCT/EVENT/(0000002E): CALL STOP 000843: Feb 12 18:45:05.124 CET: AAA/ACCT/CALL STOP(0000002E): Sending stop requests 000844: Feb 12 18:45:05.125 CET: AAA/ACCT(0000002E): Send all stops 000845: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): STOP 000846: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): Method list not found 000847: Feb 12 18:45:05.125 CET: AAA/ACCT(0000002E): del node, session 44 000848: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): free_rec, count 0 000849: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E) reccnt 0, csr TRUE, osr 0 000850: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): Last rec in db, intf not enqueued 000851: Feb 12 18:45:05.967 CET: AAA/BIND(0000002F): Bind i/f 000852: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): Register DOT11/00C79B34 0bit/s, assuming 100Mbit/s, poll every 5m 0s 000853: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): Update DOT11/00C79B34 000854: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 000855: Feb 12 18:45:05.968 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 000856: Feb 12 18:45:05.968 CET: AAA/ACCT/EVENT/(0000002F): CALL START 000857: Feb 12 18:45:05.968 CET: Getting session id for NET(0000002F) : db=C5F818 000858: Feb 12 18:45:05.968 CET: AAA/ACCT(00000000): add node, session 45 000859: Feb 12 18:45:05.969 CET: AAA/ACCT/NET(0000002F): add, count 1 000860: Feb 12 18:45:06.001 CET: AAA/ACCT/HC(0000002F): Update DOT11/00C79B34 000861: Feb 12 18:45:06.002 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 [pre-sess] (rx/tx) base 0/0 pre 63/310 call 63/310 000862: Feb 12 18:45:06.002 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 [pre-sess] (rx/tx) adjusted, pre 63/310 call 0/0 000863: Feb 12 18:45:06.003 CET: AAA/ACCT/HC(0000002F): Deregister DOT11/00C79B34 000864: Feb 12 18:45:06.003 CET: AAA/ACCT/EVENT/(0000002F): CALL STOP 000865: Feb 12 18:45:06.003 CET: AAA/ACCT/CALL STOP(0000002F): Sending stop requests 000866: Feb 12 18:45:06.003 CET: AAA/ACCT(0000002F): Send all stops 000867: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): STOP 000868: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): Method list not found 000869: Feb 12 18:45:06.003 CET: AAA/ACCT(0000002F): del node, session 45 000870: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): free_rec, count 0 000871: Feb 12 18:45:06.004 CET: AAA/ACCT/NET(0000002F) reccnt 0, csr TRUE, osr 0 000872: Feb 12 18:45:06.004 CET: AAA/ACCT/NET(0000002F): Last rec in db, intf not enqueued 000873: Feb 12 18:45:06.753 CET: AAA/BIND(00000030): Bind i/f 000874: Feb 12 18:45:06.753 CET: AAA/ACCT/HC(00000030): Register DOT11/00C7E9B4 0bit/s, assuming 100Mbit/s, poll every 5m 0s 000875: Feb 12 18:45:06.753 CET: AAA/ACCT/HC(00000030): Update DOT11/00C7E9B4 000876: Feb 12 18:45:06.754 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 000877: Feb 12 18:45:06.754 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 000878: Feb 12 18:45:06.754 CET: AAA/ACCT/EVENT/(00000030): CALL START 000879: Feb 12 18:45:06.754 CET: Getting session id for NET(00000030) : db=C5F818 000880: Feb 12 18:45:06.754 CET: AAA/ACCT(00000000): add node, session 46 000881: Feb 12 18:45:06.754 CET: AAA/ACCT/NET(00000030): add, count 1 000882: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): Update DOT11/00C7E9B4 000883: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 [pre-sess] (rx/tx) base 0/0 pre 63/310 call 63/310 000884: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 [pre-sess] (rx/tx) adjusted, pre 63/310 call 0/0 000885: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): Deregister DOT11/00C7E9B4 000886: Feb 12 18:45:11.274 CET: AAA/ACCT/EVENT/(00000030): CALL STOP 000887: Feb 12 18:45:11.274 CET: AAA/ACCT/CALL STOP(00000030): Sending stop requests 000888: Feb 12 18:45:11.274 CET: AAA/ACCT(00000030): Send all stops 000889: Feb 12 18:45:11.274 CET: AAA/ACCT/NET(00000030): STOP 000890: Feb 12 18:45:11.274 CET: AAA/ACCT/NET(00000030): Method list not found 000891: Feb 12 18:45:11.275 CET: AAA/ACCT(00000030): del node, session 46 000892: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030): free_rec, count 0 000893: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030) reccnt 0, csr TRUE, osr 0 000894: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030): Last rec in db, intf not enqueued On the C877 I have these: 002408: Feb 12 18:44:57.286 CET: RADIUS: Received from unauthorized client 192.168.1.243 002409: Feb 12 18:45:02.503 CET: RADIUS: Received from unauthorized client 192.168.1.243 002410: Feb 12 18:45:07.744 CET: RADIUS: Received from unauthorized client 192.168.1.243 002411: Feb 12 18:45:13.077 CET: RADIUS: Received from unauthorized client 192.168.1.243
From: Elia S. on 13 Feb 2010 06:47 Yesterday I made a lot of testing: If I put the radius on the radius device (cisco 877 and also i tried using the internal radius of the 1121G) on the port 1645 and 1646 it doesnt work If I put the ports to 1812 and 1813 it works but replies with unknown auth type. Now a big question.... that may resolve the issue. I am using Windows 7 business with intel 3945ABG with the very latest drivers. Since the internal radius of both cisco 877 and 1121G supports only LEAP and EAP-FAST, my client could not support it, and I would need a cisco wifi client!!!!! that could be the issue??? "Elia S." <adminNOSPAM(a)spadhausen.com> ha scritto nel messaggio news:Esydne_WGLN0DujWnZ2dnUVZ8rGdnZ2d(a)kpnqwest.it... > Hello > I have this scenario: > > C877 52F/256D with 15.0M1 ADVIPSERVICES > > I have enabled on it the local radius server with these configuration: > > radius-server local > nas 192.168.1.243 key 7 0010161510 (test) > user elia password 0 elia > ! > radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 > > 192.168.1.254 is the IP of the C877 > 192.168.1.243 is the ip of the AP > --------------- > > I have one Access Point 1121G-E-K9 with this current config: > > Cisco IOS Software, C1100 Software (C1100-K9W7-M), Version 12.3(8)JED, > RELEASE SOFTWARE (fc1) > Technical Support: http://www.cisco.com/techsupport > Copyright (c) 1986-2009 by Cisco Systems, Inc. > Compiled Fri 18-Sep-09 10:28 by tinhuang > > > ! > version 12.3 > service nagle > no service pad > service tcp-keepalives-in > service tcp-keepalives-out > service timestamps debug datetime msec localtime show-timezone > service timestamps log datetime msec localtime show-timezone > service password-encryption > service internal > service sequence-numbers > ! > hostname ap > ! > no logging console > enable secret 5 $1$iELC$zp6EkUHMBPODgTs7wBoSf1 > ! > clock timezone CET 1 > ip subnet-zero > no ip source-route > no ip gratuitous-arps > ip tcp selective-ack > ip tcp synwait-time 10 > ip domain name spadhausen.local > ip name-server 212.97.32.2 > ip name-server 212.97.32.7 > ! > ! > ip ssh time-out 90 > ip ssh version 2 > aaa new-model > ! > ! > aaa group server radius rad_eap > server 192.168.1.254 auth-port 1645 acct-port 1646 > ! > aaa group server radius rad_mac > ! > aaa group server radius rad_acct > server 192.168.1.254 auth-port 1645 acct-port 1646 > ! > aaa group server radius rad_admin > ! > aaa group server tacacs+ tac_admin > ! > aaa group server radius rad_pmip > ! > aaa group server radius dummy > ! > aaa authentication login eap_methods group rad_eap > aaa authentication login mac_methods local > aaa authorization exec default local > aaa accounting network acct_methods start-stop group rad_acct > aaa session-id common > dot11 syslog > ! > dot11 ssid tsunami2 > authentication open eap eap_methods > authentication network-eap eap_methods > authentication key-management wpa > guest-mode > ! > ! > ! > username Cisco password 7 047802150C2E > ! > bridge irb > ! > ! > interface Dot11Radio0 > no ip address > no ip unreachables > no ip proxy-arp > no ip route-cache > ! > encryption mode ciphers aes-ccm tkip > ! > broadcast-key change 3600 membership-termination capability-change > ! > ! > ssid tsunami2 > ! > speed basic-1.0 basic-2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 > no power client local > power client 1 > power local cck 1 > power local ofdm 1 > station-role root access-point fallback shutdown > payload-encapsulation dot1h > world-mode dot11d country-code IT indoor > bridge-group 1 > bridge-group 1 subscriber-loop-control > bridge-group 1 block-unknown-source > no bridge-group 1 source-learning > no bridge-group 1 unicast-flooding > bridge-group 1 spanning-disabled > ! > interface FastEthernet0 > no ip address > no ip unreachables > no ip proxy-arp > no ip route-cache > duplex auto > speed auto > no cdp enable > bridge-group 1 > no bridge-group 1 source-learning > bridge-group 1 spanning-disabled > ! > interface BVI1 > ip address 192.168.1.243 255.255.255.0 > no ip route-cache > ! > ip default-gateway 192.168.1.254 > ip http server > no ip http secure-server > ip http help-path > http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag > ip radius source-interface BVI1 > ! > snmp-server community public RO > radius-server attribute 32 include-in-access-req format %h > radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key 0 test > radius-server key 0 test > radius-server vsa send accounting > bridge 1 route ip > ! > ! > ! > line con 0 > line vty 0 4 > ! > sntp server 193.204.114.105 > sntp server 192.43.244.18 > sntp broadcast client > end > > > (please note that in the original config I have > > radius-server host 192.168.1.254 auth-port 1645 acct-port 1646 key 7 > 0835495D1D > radius-server key 7 044F0E151B > > even inf the password are entered using 0 test to set password to "test". > why they have two different hashes?? ) > > > I am unable to login to the wi fi network > > > On the AP I have this logs: > > 000827: Feb 12 18:44:54.961 CET: AAA/BIND(0000002E): Bind i/f > 000828: Feb 12 18:44:54.961 CET: AAA/ACCT/HC(0000002E): Register > DOT11/00C7B154 0bit/s, assuming 100Mbit/s, poll every 5m 0s > 000829: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): Update > DOT11/00C7B154 > 000830: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 > [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 > 000831: Feb 12 18:44:54.962 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 > [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 > 000832: Feb 12 18:44:54.962 CET: AAA/ACCT/EVENT/(0000002E): CALL START > 000833: Feb 12 18:44:54.962 CET: Getting session id for NET(0000002E) : > db=BE30CC > 000834: Feb 12 18:44:54.962 CET: AAA/ACCT(00000000): add node, session 44 > 000835: Feb 12 18:44:54.962 CET: AAA/ACCT/NET(0000002E): add, count 1 > 000836: Feb 12 18:44:57.127 CET: AAA/AUTHEN/PPP (0000002E): Pick method > list 'eap_methods' > 000837: Feb 12 18:44:57.128 CET: Getting session id for NET(0000002E) : > db=BE30CC > 000838: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): Update > DOT11/00C7B154 > 000839: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 > [pre-sess] (rx/tx) base 0/0 pre 219/310 call 219/310 > 000840: Feb 12 18:45:05.123 CET: AAA/ACCT/HC(0000002E): DOT11/00C7B154 > [pre-sess] (rx/tx) adjusted, pre 219/310 call 0/0 > 000841: Feb 12 18:45:05.124 CET: AAA/ACCT/HC(0000002E): Deregister > DOT11/00C7B154 > 000842: Feb 12 18:45:05.124 CET: AAA/ACCT/EVENT/(0000002E): CALL STOP > 000843: Feb 12 18:45:05.124 CET: AAA/ACCT/CALL STOP(0000002E): Sending > stop requests > 000844: Feb 12 18:45:05.125 CET: AAA/ACCT(0000002E): Send all stops > 000845: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): STOP > 000846: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): Method list not > found > 000847: Feb 12 18:45:05.125 CET: AAA/ACCT(0000002E): del node, session 44 > 000848: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): free_rec, count 0 > 000849: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E) reccnt 0, csr > TRUE, osr 0 > 000850: Feb 12 18:45:05.125 CET: AAA/ACCT/NET(0000002E): Last rec in db, > intf not enqueued > 000851: Feb 12 18:45:05.967 CET: AAA/BIND(0000002F): Bind i/f > 000852: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): Register > DOT11/00C79B34 0bit/s, assuming 100Mbit/s, poll every 5m 0s > 000853: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): Update > DOT11/00C79B34 > 000854: Feb 12 18:45:05.967 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 > [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 > 000855: Feb 12 18:45:05.968 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 > [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 > 000856: Feb 12 18:45:05.968 CET: AAA/ACCT/EVENT/(0000002F): CALL START > 000857: Feb 12 18:45:05.968 CET: Getting session id for NET(0000002F) : > db=C5F818 > 000858: Feb 12 18:45:05.968 CET: AAA/ACCT(00000000): add node, session 45 > 000859: Feb 12 18:45:05.969 CET: AAA/ACCT/NET(0000002F): add, count 1 > 000860: Feb 12 18:45:06.001 CET: AAA/ACCT/HC(0000002F): Update > DOT11/00C79B34 > 000861: Feb 12 18:45:06.002 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 > [pre-sess] (rx/tx) base 0/0 pre 63/310 call 63/310 > 000862: Feb 12 18:45:06.002 CET: AAA/ACCT/HC(0000002F): DOT11/00C79B34 > [pre-sess] (rx/tx) adjusted, pre 63/310 call 0/0 > 000863: Feb 12 18:45:06.003 CET: AAA/ACCT/HC(0000002F): Deregister > DOT11/00C79B34 > 000864: Feb 12 18:45:06.003 CET: AAA/ACCT/EVENT/(0000002F): CALL STOP > 000865: Feb 12 18:45:06.003 CET: AAA/ACCT/CALL STOP(0000002F): Sending > stop requests > 000866: Feb 12 18:45:06.003 CET: AAA/ACCT(0000002F): Send all stops > 000867: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): STOP > 000868: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): Method list not > found > 000869: Feb 12 18:45:06.003 CET: AAA/ACCT(0000002F): del node, session 45 > 000870: Feb 12 18:45:06.003 CET: AAA/ACCT/NET(0000002F): free_rec, count 0 > 000871: Feb 12 18:45:06.004 CET: AAA/ACCT/NET(0000002F) reccnt 0, csr > TRUE, osr 0 > 000872: Feb 12 18:45:06.004 CET: AAA/ACCT/NET(0000002F): Last rec in db, > intf not enqueued > 000873: Feb 12 18:45:06.753 CET: AAA/BIND(00000030): Bind i/f > 000874: Feb 12 18:45:06.753 CET: AAA/ACCT/HC(00000030): Register > DOT11/00C7E9B4 0bit/s, assuming 100Mbit/s, poll every 5m 0s > 000875: Feb 12 18:45:06.753 CET: AAA/ACCT/HC(00000030): Update > DOT11/00C7E9B4 > 000876: Feb 12 18:45:06.754 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 > [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0 > 000877: Feb 12 18:45:06.754 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 > [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0 > 000878: Feb 12 18:45:06.754 CET: AAA/ACCT/EVENT/(00000030): CALL START > 000879: Feb 12 18:45:06.754 CET: Getting session id for NET(00000030) : > db=C5F818 > 000880: Feb 12 18:45:06.754 CET: AAA/ACCT(00000000): add node, session 46 > 000881: Feb 12 18:45:06.754 CET: AAA/ACCT/NET(00000030): add, count 1 > 000882: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): Update > DOT11/00C7E9B4 > 000883: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 > [pre-sess] (rx/tx) base 0/0 pre 63/310 call 63/310 > 000884: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): DOT11/00C7E9B4 > [pre-sess] (rx/tx) adjusted, pre 63/310 call 0/0 > 000885: Feb 12 18:45:11.273 CET: AAA/ACCT/HC(00000030): Deregister > DOT11/00C7E9B4 > 000886: Feb 12 18:45:11.274 CET: AAA/ACCT/EVENT/(00000030): CALL STOP > 000887: Feb 12 18:45:11.274 CET: AAA/ACCT/CALL STOP(00000030): Sending > stop requests > 000888: Feb 12 18:45:11.274 CET: AAA/ACCT(00000030): Send all stops > 000889: Feb 12 18:45:11.274 CET: AAA/ACCT/NET(00000030): STOP > 000890: Feb 12 18:45:11.274 CET: AAA/ACCT/NET(00000030): Method list not > found > 000891: Feb 12 18:45:11.275 CET: AAA/ACCT(00000030): del node, session 46 > 000892: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030): free_rec, count 0 > 000893: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030) reccnt 0, csr > TRUE, osr 0 > 000894: Feb 12 18:45:11.275 CET: AAA/ACCT/NET(00000030): Last rec in db, > intf not enqueued > > > On the C877 I have these: > > > 002408: Feb 12 18:44:57.286 CET: RADIUS: Received from unauthorized client > 192.168.1.243 > 002409: Feb 12 18:45:02.503 CET: RADIUS: Received from unauthorized client > 192.168.1.243 > 002410: Feb 12 18:45:07.744 CET: RADIUS: Received from unauthorized client > 192.168.1.243 > 002411: Feb 12 18:45:13.077 CET: RADIUS: Received from unauthorized client > 192.168.1.243 > > > > >
From: Elia S. on 14 Feb 2010 11:18 I have solved my problems using the latest intel network utility wich supports cisco EAP. The problem is that LEAP is not supported natively in windows XP and Win 7 so I need to use PEAP but I need now a standalone radius server, not the integrated cisco's.
From: Gary on 17 Feb 2010 15:27 Elia S. > I have solved my problems using the latest intel network utility wich > supports cisco EAP. I have used it for tunning other parameters like roaming, etc. but forgot that it supports other EAP methods. >The problem is that LEAP is not supported natively in windows XP and Win 7 >so I need to use PEAP but I need now a standalone radius server, not the >integrated cisco's. We got PEAP working with Microsoft's RADIUS service and setting up a new AD group called "Wireless Users." The new group is not required if you want to just allow all domain users instead. -Gary
|
Pages: 1 Prev: world2015.org Next: Autonomous Cisco 1142n CLI setup |