WLC 4400 and Funk Odyssey RADIUS

Unanswered Question
Feb 7th, 2010

Hi


Had big problem today trying to get EAP-TTLS Intermec clients using Cisco 1242 LWAPP AP's on a WLC 4400,

The Funk Odyssey Server was reporting that the WLC was providing an unknown Vendor id. And was rejecting the requests to authenticate.

I'm at home now so haven't got the exact message.

EAP-PEAP devices were OK.


Can anyone point me in the right direction please ? I looked at the Odyssey Radius dictionary file but i'm not exerienced enough with RADIUS attributes to undestand what changes i need t make.



Thankyou


Anthony


Message was edited by: Anthony Milner Example from debugging on WLC: ending EAP-Request/Identity to mobile 00:02:2d:b4:6a:a8 (EAP Id 3) *Feb 09 09:46:00.044: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.044: 00:02:2d:b4:6a:a8 Received EAP Response packet with mismatching id (currentid=3, eapid=1) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.052: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.052: 00:02:2d:b4:6a:a8 Received EAP Response packet with mismatching id (currentid=3, eapid=2) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.055: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.055: 00:02:2d:b4:6a:a8 Received Identity Response (count=3) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 EAP State update from Connecting to Authenticating for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 dot1x - moving mobile 00:02:2d:b4:6a:a8 into Authenticating state *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 Entering Backend Auth Response state for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Processing Access-Challenge for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Entering Backend Auth Req state (id=4) for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Sending EAP Request from AAA to mobile 00:02:2d:b4:6a:a8 (EAP Id 4) *Feb 09 09:46:00.485: 00:02:2d:b4:6a:a8 Copy AP LOCP - mode:0 slotId:0, apMac 0x0:23:34:3f:fa:b0 *Feb 09 09:46:00.485: 00:02:2d:b4:6a:a8 Copy WLAN LOCP EssIndex:4 aid:1 ssid:    test *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy Security LOCP ecypher:0x3 ptype:0x0, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x2 statuscode 0, reasoncode 99, status 3 *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy Username LOCP : [email protected] *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy MobilityData LOCP status:0, anchorip:0x0 *Feb 09 09:46:01.001: 00:02:2d:b4:6a:a8 802.1x 'timeoutEvt' Timer expired for station 00:02:2d:b4:6a:a8 *Feb 09 09:46:01.001: 00:02:2d:b4:6a:a8 Retransmit 1 of EAP-Request (length 10) for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 Association received from mobile on AP 00:23:34:3f:fa:b0 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 STA - rates (4): 2 4 11 22 0 0 0 0 0 0 0 0 0 0 0 0 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Initializing policy *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3) *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3) *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:23:34:3f:fa:b0


Message was edited by: Anthony Milner And a line from the Odyssey RADIUS log: Feb 10 13:48:14 2010: RadRadiusTracer: unable to find RadDictionaryVendor object for vendor id Feb 10 13:48:14 2010: Radius Packet Trace:

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

 

 

Trending Topics - Security & Network