debug radius authentication

Unanswered Question
Dec 4th, 2009

Hi folks,

I have this problem with my access to my wireless network.

my config of my AP 1250:

Building configuration...

Current configuration : 3991 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1
!
aaa new-model
!
aaa group server radius eap-tls
server 192.168.2.250 auth-port 1645 acct-port 1646
!

aaa authentication login rad_eap_list group eap-tls

!
aaa session-id common
clock summer-time verao09 date Mar 29 2009 1:00 Oct 25 2009 2:00
ip domain name domain
!
ip ssh time-out 40
ip ssh authentication-retries 2
dot11 activity-timeout client maximum 3600
!
dot11 ssid WiFi
   max-associations 50
   authentication open eap rad_eap_list
   guest-mode
   infrastructure-ssid optional
!
dot11 holdoff-time 5
dot11 aaa authentication attributes service login-only
dot11 aaa dot1x compliance draft10
power inline negotiation prestandard source
!

dot1x timeout supp-response 120
dot1x timeout reauth-period 5

!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers wep40
!
ssid WiFi
!
speed  24.0 36.0 48.0 basic-54.0 m9. m10. m11. m12. m13. m14. m15.
channel least-congested 2412 2437 2462
station-role root access-point
rts threshold 1024
rts retries 15
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers wep40
!
ssid WiFi
!
no dfs band block
speed  24.0 36.0 48.0 basic-54.0 m9. m10. m11. m12. m13. m14. m15.
channel width 40-above
channel dfs
station-role root access-point
rts retries 32
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

!

ip radius source-interface BVI1
!

radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.2.250 auth-port 1645 acct-port 1646 timeout 10 retransmit 5 key 7

00050316084E190703374D420C0F0005160E5E547F79747D
radius-server vsa send accounting
radius-server vsa send authentication
bridge 1 route ip
!
!
wlccp wds aaa authentication attributes service login-only
wlccp wds aaa dot1x compliance draft10
!

sntp server 192.168.2.21
end

my sh dot11 ass :


AP1l#sh dot11 ass

802.11 Client Stations on Dot11Radio1:SSID [WiFi] :

MAC Address    IP address      Device        Name            Parent         State
0024.2ba1.02b2 192.168.2.104    ccx-client    hostname-M      self           EAP-Assoc

log of my IAS :

User domain\user was granted access.

Fully-Qualified-User-Name = dc/

NAS-IP-Address = 192.168.2.9

NAS-Identifier = AP1

Client-Friendly-Name = AP-Cisco1250

Client-IP-Address = 192.168.2.9

Calling-Station-Identifier = 0024.2ba1.02b2

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 272

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = WIRELESS_ACCESS

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

my debug :

Dec  4 10:36:36.538: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Dec  4 10:36:36.538: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2

Dec  4 10:36:36.538: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

Dec  4 10:36:36.594: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.598: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.598: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.598: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.598: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.598: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.598: RADIUS(0000001A): sending

Dec  4 10:36:36.598: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/122, len 178

Dec  4 10:36:36.598: RADIUS:  authenticator 32 F7 ED CB F7 9E D5 DE - 0D 5A E3 8A A1 5C 92 9A

Dec  4 10:36:36.598: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.598: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.598: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.598: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.598: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.598: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.598: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.598: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.598: RADIUS:   26 84 2D 1D C4 87 F0 3D C7 15 F1 45 5D 0C 2F B1  [&?-????=5   "272"

Dec  4 10:36:36.598: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.9           

Dec  4 10:36:3?6.598: RADIUS:  Nas-Identifier      [32]  14  “AP1”??E

Dec  4 10:36:36.606: RADIUS: Received from id 1645/122 192.168.2.250:1645, Access-Challeng]e, len? 77

Dec  4 10:36:36.606: RADIUS:  authenticator 3E 90 7F C6 3A 0B 08 61 - 82 0B 69 2F 1C 3C 6B DB

Dec  4 10:36:36.606: RADIUS:  Session-Timeout     [27]  6  30                       

Dec  4 10:36:36.606: RADIUS:  EAP-Message         [79]  8  

Dec  4 10:36:36.606: RADIUS:   01 03 00 06 19 20                                [????? ]

Dec  4 10:36:36.606: RADIUS:  State               [24]  25 

Dec  4 10:36:36.606: RADIUS:   27 DE 05 59 00 00 01 37 00 /01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.606: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]?]

Dec  4 10:36:36.598: RADIUS:  EAP-Message         [79]  20 

Dec  4 10:36:36.598: RADIUS:   02 02 00 12 01 4E 42 50 5C 72 75 69 2E 70 65 64  [?????NBP\rui.ped]

Dec  4 10:36:36.598: RADIUS:   72 6F                                            [ro]

Dec  4 10:36:36.598: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

Dec  4 10:36:36.598: RADIUS:  NAS-Port            [5]   6   272                      

Dec  4 10:36:36.598: RADIUS:  NAS-Port-Id         [87] 

Dec  4 10:36:36.606: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.606: RADIUS:   A0 54 AF FE 0D 3F D9 22 BC 92 45 11 EB 90 30 B1  [?T?????"??E???0?]

Dec  4 10:36:36.606: RADIUS(0000001A): Received from id 1645/122

Dec  4 10:36:36.606: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.606: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.606: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.606: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.606: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.610: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.610: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.610: RADIUS(0000001A): sending

Dec  4 10:36:36.610: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/123, len 297

Dec  4 10:36:36.610: RADIUS:  authenticator EE B4 E3 90 6E F5 14 87 - 43 46 1C 5C CB B9 72 12

Dec  4 10:36:36.610: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.610: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.610: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.610: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.610: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.610: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.610: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.610: RADIUS: Message-Authenticato[80]  18 

Dec  4 10:36:36.610: RADIUS:   94 50 24 90 DF 7F 08 28 85 80 FE 0C 77 5F D1 79  [?P$????(????w_?y]

Dec 8  26 CC 2D 9F 58 8C A3 56 CB FD  [?4?????&?-?X??V??]

Dec  4 10:36:36.610: RADIUS:   3B C3 9F 26 47 75 00 16 00 04 00 05 00 0A 00 09  [;??&Gu??????????] 10:

Dec  4 10:36:36.610: RADIUS:   00 64 00 62 3060 03 00 06 00 1:3 00 12 00 63 01 00  [?d?b??????3???c??]

Dec  4 10:36:36.610: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

Dec  4 10:36:36.610: RADIUS:  NAS-Port            [5]   6   2672                       .

Dec  4 10:36:36.610: RADIUS:  NAS-Port-Id         [87]  5   "272"6

Dec  4 10:36:36.610: RADIUS:  State               [24]  25 

Dec  4 10:36:36.610: RADIUS:   27 DE 051 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]0

Dec  4 10:36:36.610: RADIUS:   00 03 46 F9 CE CE 00                 :            [??F????]

Dec  4 10:36:36.610: RADIUS:  NAS-IP-Addre ss      [4]   6   192.168.2.9            RADIUUSS:  Nas-Identifie:r       [32]  14 “AP1”

Dec  4 10:36:36.610: RADIUS: Received from id 1645/123 192.168.2.250:1645, Access-Challenge, leAn 203

Dec  4 10:36:36.610: RADIUS:  authenticator 14 FB 86 DB 15 CE 01 47 - 0A 54 82 36 45 A1 5B BF

Dec  4 10:36:36.610: RADIUS:  Session-Timeout     [27]  6   P30                       

Dec  4 10:36:36.610: RADIUS:  EAP-Message         [79]  134

Dec  4 10:36:36.610: RADIUS:   01 04 00 84 19 80 00 00 00 7A 16 03 01 00 4A 02  [?????????z????J?]-

Dec  4 10:36:36.610: RADIUS:   00 00 46 03 01 4B 18 E6 34 4F DA 75 97 A5 94 DB  [??F??K??4O?u????]Message        

Dec  4 10:36:36.610: RADIUS:   7B 14 B3 63 24 04 13 2D 0B 2[C 71 15 36 08 E5 5C  [{??c$??-?,q?6??\]

Dec  4 10:36:36.610: RADIUS:   14 AE F5 48 34 20 A2 03 00 00 CC 78 DE D6 7A 80  [???H4 ?????x??z?]

Dec  4 10:36:36.610: RADIUS:   EB 10 C4 15 EE C8 26 C7C9 2D 9F 58 8C A3 56 CB FD  [????]??&?-?X??V??]

Dec  4 10:36:36.610: RADIUS:   3B C3 9F 26 47 75 00 04 00 14 03 01 00 01 01 16  [;??&Gu??????????]

Dec  4 10:36:36.610: RADIUS:   03 01 00 20 D8   60 3C F0 63 1B 15 B0 9E EC 40 42  [1??? ?`<[email protected]]

Dec  4 10:36:36.610: RADIUS:   F4 29 7A 91 88 F0 12 4B 58 73 3C 7A 7D CA 50 3A  [?)z????KXs<z}?P:]

Dec  4 10:36:36.610: RADIUS:   46 42 E8 F1E                                      [FB??]4

Dec  4 10:36:36.610: RADIUS:   02 03 00 70 19 80 00 00 00 66 16 03 01 00 61 01  [???p?????f????a?]

Dec  4 10:36:36.610: RADIUS:   00 00 5D 03 01 4B 18 E6 34 22 A4 6B 47 E4 CF A2  [??]??K??4"?kG???]

Dec  4 10:36:36.610: RADIUS:   ED 8E 13 99 CB 14 82 20 52 6C C5 D2 F4 50 1D 2B  [??????? Rl???P?+]

Dec  4 10:36:36.610: RADIUS:   13 C0 2A CA 5E 20 A2 03 00 00 CC 78 DE D6 7A 80  [??*?^ ?????x??z?]

Dec  4 10:36:36.610: RADIUS:   EB 10 C4 15 EE C

Dec  4 10:36:36.610: RADI

Dec 4 10:36:36.610: RADIUS:  State               [24]  25 

Dec  4 10:36:36.610: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.610: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.610: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.610: RADIUS:   BE 9F 1F 72 CC 10 69 55 95 14 CF A0 E7 0F 63 72  [???r??iU??????cr]

Dec  4 10:36:36.610: RADIUS(0000001A): Received from id 1645/123

Dec  4 10:36:36.610: RADIUS/DECODE: EAP-Message fragments, 132, total 132 bytes

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.610: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.610: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.610: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.614: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.614: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.614: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.618: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.618: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.618: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.618: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.618: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.618: RADIUS(0000001A): sending

Dec  4 10:36:36.618: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/124, len 238

Dec  4 10:36:36.618: RADIUS:  authenticator 66 7E 3C 3F 16 23 07 AC - 3E 36 1D 9C AA 5F EB 0D

Dec  4 10:36:36.618: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.618: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.618: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.618: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.618: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.618: RADIUS:   Cisco AVpair       [1]   18 "ssid=WiFi"

Dec ???]

Dec  4 10:36:36.618: RADIUS:   4A BF 52 98 34 47 E1 FF C3 06 72 D4 70 C9 2D 48  [J?R?4G????r?p?-H] 4 1

Dec  4 10:36:36.6180: RADIUS:   AB 73 0F 04 F1                                   [?s:???]

Dec  4 10:36:36.618: RADIUS:  NAS-Port-Type       [61]  6  3 802.11 wireless6 :          [19]

Dec  4 10:36:36.618: RADIUS:  NAS-Port            [5]   6   272                       3

Dec  4 10:36:36.618: RADIUS:  NAS-Port-Id6         [87]  5   "272"

Dec  4 10:36:36.618: RADIUS:  State               [24]  25 

Dec  4 10:36:36.618: RADIUS:   27 DE 05 59. 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.618: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.618: RADIUS:  NAS-IP-Address 6     [4]   6   192.168.2.9            18:

Dec  4 10:36:36.618: RADIUS:  Nas-Identifier      [32]  14  “AP1”

Dec  4 10:36:36.618: RADIUS: Received from id 1645/124 192.168.2.250:16R45, Access-Challenge, len 109

Dec  4 10:36:36.618: RADIUS:  authenticator C0 18 07 8C C4 2A F0 31 - 16 60 C0 96 64 B6 52 78

Dec  4 10:36:36.618: RADIUS:  Session-Timeout     [27]  6   30      A                 

Dec  4 10:36:36.618: RADIUS:  EAP-Message         [79]  40 

Dec  4 10:36:36.618: RADIUS:   01 07 00 26 19 00D 17 03 01 00 1B F6 6B D2 88 CA  I[???&????????k???]

Dec  4 10:36:36.618: RADIUS:   06 1E C6 82 0E EC 01 A0 A2 92 29 34 5A F8 64 84  [??????????)4Z?d?]US:  Service-Type S:   07 E8 22 F9 2F D7                                [??"?/?]

Dec  4 10:36:36.618: RADIUS:  State               [24]  25 

Dec  4 10:36:36.618: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.618: RADIUS:   00 03 46 F9  CE CE 00                             [??F????]

Dec  4 10:36:36.618: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.618: RADIUS:   91 BE D6 30 70 F7 9F  62 47 FA 82 B4 C7 4B 6B B4  [??? 0p??bG????Kk?]

Dec  4 10:36:36.618: RADIUS(0000001A): Received from id 1645/124

Dec  4 10:36:36.618: RADIUS/DECODE: EAP-Message fragments, 38, total 38 bytes[6]   6   Login                     [1]

Dec  4 10:36:36.618: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.618: RADIUS:   51 B8 65 4A 5C 98 6C FB 79 85 42 2D 21 B5 F6 2C  [Q?eJ\?l?y?B-!??,]

Dec  4 10:36:36.618: RADIUS:  EAP-Message         [79]  55 

Dec  4 10:36:36.618: RADIUS:   02 04 00 35 19 80 00 00 00 2B 14 03 01 00 01 01  [???5?????+??????]

Dec  4 10:36:36.618: RADIUS:   16 03 01 00 20 E3 63 51 83 5B CE D6 FE 09 E8 8E  [???? ?cQ?[???

Dec  4 10:36:36.618: RADIU

Dec  4 10:36:36.618: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.618: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.622: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.622: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.622: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.622: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.622: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.622: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.622: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.622: RADIUS(0000001A): sending

Dec  4 10:36:36.622: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/125, len 223

Dec  4 10:36:36.622: RADIUS:  authenticator 12 09 DE 4D 3C 6F BC B1 - 51 FF A4 CA 94 86 C7 82

Dec  4 10:36:36.622: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.622: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.622: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.622: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.622: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.622: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.622: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.622: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.622: RADIUS:   FF DF 20 5B A4 9B 23 8E EF 2E C5 79 60 82 63 83  [?? [??#??.?y`?c?]

Dec 4 10:36:36.622: RADIUS:  EAP-Message         [79]  40 

Dec  4 10:36:36.622: RADIUS:   02 07 00 26 19 00 17 03 01 00 1B 19 AF 20 3B 8C  [???&????????? ;?]

Dec  4 10:36:36.622: RADIUS:   B6 EF 0E A9 33 61 98 0B C9 CD 41 B9 DE B3 67 7F  [????3a????A???g?]

Dec  4 10:36:36.622: RADIUS:   A7 03 36 97 3D 0B                                [??6?=?]

Dec  4 10:36:36.622: RADIUS:  NAS-Port-Type       [61]  6   802.1.29           

Dec  4 10:36:36.622: RADIUS:  Nas-Identifier      [32]  14  “AP1”1 w

Dec  4 10:36:36.626: RADIUS: Received from id 1645/125 192.168.2.250:1645, Access-Accept, len 264i

Dec  4 10:36:36.626: RADIUS:  aurtehenticator EE 15 69 1F 76 E4 4D 5F - 8D 16 BF 08 AA 17 0D 6B

Dec  4 10:36:36.626: RADIUS:  Framed-MTU          [12]  6   1400                      l

e

sDec  4 10:36:36.626: RADIUS:  Idle-Timeout        [28]  6   120                       s

Dec  4 10:36:36.626: RADIUS:  Service-Type        [6]   6   Authen Only               [8]

Dec  4 10:36:36.626: RADIUS:  Framed-IP-Address   [8]  6    192.168.2.104          

Dec  4 10:36:36.626: RADIUS:  EAP-Message         [79]  6      

Dec  4 10:36:36.626: RADIUS:   03 0 8 00 04                                      [????]

Dec  4 10:36:36.626: RADIUS:  Class               [25]  32 

Dec  4 10:36:36.626: RADIUS:   64 84 07 C7 00 00 01 37 00 01 C0 A8 C8 11 01 CA   [d??????7????????]

Dec  4 10:36:36.626: RADIUS:   73 6B 60 98 F5 D4 00 00 00 00 00 00 14 CE        [sk`???????????]

Dec  4 10:36:36.626: RADIUS:  Vendor, Cisco       [26]  24  

Dec  4 10:36:36.626: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  12 

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Enc-Policy [7]   6     [19]

Dec  4 10:36:36.622: RADIUS:  NAS-Port            [5]   6   272  IUS:   00 00 00 02                                        [????]

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  12  

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Enc-Type   [8]   6  

Dec  4 10:36:36.626: RADIUS:   00  00 00 02                                      [????]

Dec  4 10:3 6:36.626: RADIUS:  Vendor, Microsoft   [26]  58 

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Send-Key   [16]  52  *

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  58 

Dec  4 10:36:36.626 : RADIUS:   MS-MPPE-Recv-Key   [17]  52  *

Dec  4 10:36:36.626: RADIUS:  Message-Authenticato[80]  18                

Dec  4 10:36:36.622: RADIUS:  NAS-Port-Id         [87]  5   "272"

Dec  4 10:36:36.622: RADIUS:  State               [24]  25 

Dec  4 10:36:36.622: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.622: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.622: RADIUS:  NAS-IP-Address      [4]   6   192.168.200

Dec  4 10:36:36.626: RAD

Dec  4 10:36:36.626: RADIUS:   D7 3E 50 6E C2 6C 46 ED 16 2E 15 50 94 6F F0 B9  [?>Pn?lF??.?P?o??]

Dec  4 10:36:36.626: RADIUS(0000001A): Received from id 1645/125

Dec  4 10:36:36.626: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Received server response: PASS

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Found AAA_AT_MS_MPPE_SEND_KEY in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: AAA_AT_MS_MPPE_SEND_KEY session key length 32

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Found AAA_AT_MS_MPPE_RECV_KEY in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: AAA_AT_MS_MPPE_RECV_KEY session key length 32

Dec  4 10:36:36.626: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_PASS) for 0024.2ba1.02b2

Dec  4 10:36:36.626: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.626: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 120 seconds

Dec  4 10:36:36.626: %DOT11-6-ASSOC: Interface Dot11Radio1, Station hostname-M 0024.2ba1.02b2 Associated KEY_MGMT[NONE]

again:

Dec  4 10:36:41.626: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Dec  4 10:36:41.626: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2
Dec  4 10:36:41.626: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

....

My problem is after that line, "%DOT11-6-ASSOC" , start everthing again and dont stop.

I still have my address ip ok, I ping with no time out.

I have setup PEAP-MSCHAPv2 autentication.

what are missing to my setup ?

thanks

RP

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rui.belem Fri, 12/04/2009 - 05:01

OK FOLKS,

change this line , simple...

dot1x timeout reauth-period server

thanks

RP

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network