×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Autonomous AP with EAP and NPS Windows 2008R2

Answered Question
Jun 12th, 2014
User Badges:

Hello,

 

I'm trying to configure ( three days and nothing :sad ) an autonomous AP with EAP authentication. The AP is a 1600 with software Version 15.2(2)JB2 and the RADIUS NPS is a Windows 2008R2.

When the client tries to authenticate, I get the following error on the AP:


Jun 12 11:39:13.945: RADIUS/ENCODE(00000062):Orig. component type = DOT11
Jun 12 11:39:13.945: RADIUS:  AAA Unsupported Attr: ssid              [347] 2   
Jun 12 11:39:13.945: RADIUS:  AAA Unsupported Attr: service-type      [345] 4   1
Jun 12 11:39:13.945: RADIUS:  AAA Unsupported Attr: interface         [222] 3   

Jun 12 11:39:13.945: RADIUS:   32                 [ 2]
Jun 12 11:39:13.945: RADIUS(00000062): Config NAS IP: 172.16.254.116
Jun 12 11:39:13.945: RADIUS(00000062): Config NAS IPv6:
Jun 12 11:39:13.945: RADIUS/ENCODE(00000062): acct_session_id: 87
Jun 12 11:39:13.945: RADIUS(00000062): Config NAS IP: 172.16.254.116
Jun 12 11:39:13.945: RADIUS(00000062): sending
Jun 12 11:39:13.945: RADIUS(00000062): Send Access-Request to 172.16.0.32:1812 id 1645/16, len 176
Jun 12 11:39:13.945: RADIUS:  authenticator 22 42 80 A5 A5 A3 1B 9C - 3C 79 68 45 58 6E BF 0D
Jun 12 11:39:13.945: RADIUS:  User-Name           [1]   28  "host/WM-WSUS-998.empresa.local"
Jun 12 11:39:13.945: RADIUS:  Framed-MTU          [12]  6   1400                      
Jun 12 11:39:13.945: RADIUS:  Called-Station-Id   [30]  22  "2C-3E-CF-0B-BF-60:1A"
Jun 12 11:39:13.945: RADIUS:  Calling-Station-Id  [31]  16  "001e.58a2.ba4b"
Jun 12 11:39:13.945: RADIUS:  Service-Type        [6]   6   Login                     [1]
Jun 12 11:39:13.945: RADIUS:  Message-Authenticato[80]  18  
Jun 12 11:39:13.945: RADIUS:   FF FB F9 0F BB 98 02 E3 19 71 EC DF 94 D6 13 A6                 [ q]
Jun 12 11:39:13.945: RADIUS:  EAP-Message         [79]  33  
Jun 12 11:39:13.945: RADIUS:   02 02 00 1F 01 68 6F 73 74 2F 57 4D 2D 57 53 55 53 2D 39 39 38  [host/WM-WSUS-998]
Jun 12 11:39:13.945: RADIUS:   2E 63 62 61 2E 6C 6F 63 61 6C        [ .empresa.local]
Jun 12 11:39:13.945: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Jun 12 11:39:13.945: RADIUS:  NAS-Port            [5]   6   277                       
Jun 12 11:39:13.945: RADIUS:  NAS-Port-Id         [87]  5   "277"
Jun 12 11:39:13.945: RADIUS:  NAS-IP-Address      [4]   6   172.16.254.116            
Jun 12 11:39:13.945: RADIUS:  Nas-Identifier      [32]  4   "ap"
Jun 12 11:39:13.945: RADIUS(00000062): Sending a IPv4 Radius Packet
Jun 12 11:39:13.945: RADIUS(00000062): Started 5 sec timeout
Jun 12 11:39:13.949: RADIUS: Received from id 1645/16 172.16.0.32:1812, Access-Reject, len 44
Jun 12 11:39:13.949: RADIUS:  authenticator 7E 87 33 D9 2C 29 15 87 - 54 75 9A A2 A2 3E 63 08
Jun 12 11:39:13.949: RADIUS:  EAP-Message         [79]  6   
Jun 12 11:39:13.949: RADIUS:   04 02 00 04
Jun 12 11:39:13.949: RADIUS:  Message-Authenticato[80]  18  
Jun 12 11:39:13.949: RADIUS:   89 B3 79 93 B1 C5 2B 9D 43 A2 65 AE 9C 04 91 A4              [ y+Ce]
Jun 12 11:39:13.953: RADIUS(00000062): Received from id 1645/16
Jun 12 11:39:13.953: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Jun 12 11:39:13.953: %DOT11-7-AUTH_FAILED: Station 001e.58a2.ba4b Authentication failed
Jun 12 11:39:14.973: RADIUS/ENCODE(00000063):Orig. component type = DOT11
Jun 12 11:39:14.973: RADIUS:  AAA Unsupported Attr: ssid              [347] 2   
Jun 12 11:39:14.973: RADIUS:  AAA Unsupported Attr: service-type      [345] 4   1
Jun 12 11:39:14.973: RADIUS:  AAA Unsupported Attr: interface         [222] 3   

Jun 12 11:39:14.973: RADIUS:   32                 [ 2]
Jun 12 11:39:14.973: RADIUS(00000063): Config NAS IP: 172.16.254.116
Jun 12 11:39:14.973: RADIUS(00000063): Config NAS IPv6:
Jun 12 11:39:14.973: RADIUS/ENCODE(00000063): acct_session_id: 88
Jun 12 11:39:14.973: RADIUS(00000063): Config NAS IP: 172.16.254.116
Jun 12 11:39:14.973: RADIUS(00000063): sending
Jun 12 11:39:14.973: RADIUS(00000063): Send Access-Request to 172.16.0.32:1812 id 1645/17, len 158
Jun 12 11:39:14.973: RADIUS:  authenticator 1D BA 6B A3 29 E2 0C AE - AA AA EC FD 14 2F CD 24
Jun 12 11:39:14.973: RADIUS:  User-Name           [1]   19  "Empresa\User"
Jun 12 11:39:14.973: RADIUS:  Framed-MTU          [12]  6   1400                      
Jun 12 11:39:14.973: RADIUS:  Called-Station-Id   [30]  22  "2C-3E-CF-0B-BF-60:1A"
Jun 12 11:39:14.973: RADIUS:  Calling-Station-Id  [31]  16  "001e.58a2.ba4b"
Jun 12 11:39:14.973: RADIUS:  Service-Type        [6]   6   Login                     [1]
Jun 12 11:39:14.973: RADIUS:  Message-Authenticato[80]  18  
Jun 12 11:39:14.973: RADIUS:   27 0E 57 4F 94 F1 A4 C2 A2 D7 CE 18 7C 2A B9 AF             [ 'WO|*]
Jun 12 11:39:14.973: RADIUS:  EAP-Message         [79]  24  
Jun 12 11:39:14.973: RADIUS:   02 02 00 16 01 43 42 41 5C 50 65 64 72 6F 2E 41 6C 6D 65 69 64  [Empresa\User]
Jun 12 11:39:14.973: RADIUS:   61                 [ a]
Jun 12 11:39:14.973: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Jun 12 11:39:14.973: RADIUS:  NAS-Port            [5]   6   278                       
Jun 12 11:39:14.973: RADIUS:  NAS-Port-Id         [87]  5   "278"
Jun 12 11:39:14.973: RADIUS:  NAS-IP-Address      [4]   6   172.16.254.116            
Jun 12 11:39:14.973: RADIUS:  Nas-Identifier      [32]  4   "ap"
Jun 12 11:39:14.973: RADIUS(00000063): Sending a IPv4 Radius Packet
Jun 12 11:39:14.973: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:14.977: RADIUS: Received from id 1645/17 172.16.0.32:1812, Access-Challenge, len 90
Jun 12 11:39:14.977: RADIUS:  authenticator B0 3A 94 27 69 48 8A 39 - 71 DB 7C A3 6F B1 47 19
Jun 12 11:39:14.977: RADIUS:  Session-Timeout     [27]  6   30                        
Jun 12 11:39:14.977: RADIUS:  EAP-Message         [79]  8   
Jun 12 11:39:14.977: RADIUS:   01 03 00 06 19 20                 [  ]
Jun 12 11:39:14.977: RADIUS:  State               [24]  38  
Jun 12 11:39:14.977: RADIUS:   21 0E 03 C7 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 7B 20 F6 EE            [ !7 0{ ]
Jun 12 11:39:14.977: RADIUS:  Message-Authenticato[80]  18  
Jun 12 11:39:14.977: RADIUS:   C3 8B 89 69 C7 7B 57 72 67 A5 8F B2 2C 84 44 7C          [ i{Wrg,D|]
Jun 12 11:39:14.977: RADIUS(00000063): Received from id 1645/17
Jun 12 11:39:14.977: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Jun 12 11:39:14.985: RADIUS/ENCODE(00000063):Orig. component type = DOT11
Jun 12 11:39:14.985: RADIUS:  AAA Unsupported Attr: ssid              [347] 2   
Jun 12 11:39:14.985: RADIUS:  AAA Unsupported Attr: service-type      [345] 4   1
Jun 12 11:39:14.985: RADIUS:  AAA Unsupported Attr: interface         [222] 3   

Jun 12 11:39:14.985: RADIUS:   32                 [ 2]
Jun 12 11:39:14.985: RADIUS(00000063): Config NAS IP: 172.16.254.116
Jun 12 11:39:14.985: RADIUS(00000063): Config NAS IPv6:
Jun 12 11:39:14.985: RADIUS/ENCODE(00000063): acct_session_id: 88
Jun 12 11:39:14.985: RADIUS(00000063): Config NAS IP: 172.16.254.116
Jun 12 11:39:14.985: RADIUS(00000063): sending
Jun 12 11:39:14.985: RADIUS(00000063): Send Access-Request to 172.16.0.32:1812 id 1645/18, len 279
Jun 12 11:39:14.985: RADIUS:  authenticator BE 87 70 F0 26 CF FC 41 - 02 10 8D 7C CD 40 D1 12
Jun 12 11:39:14.985: RADIUS:  User-Name           [1]   19  "Empresa\User"
Jun 12 11:39:14.985: RADIUS:  Framed-MTU          [12]  6   1400                      
Jun 12 11:39:14.985: RADIUS:  Called-Station-Id   [30]  22  "2C-3E-CF-0B-BF-60:1A"
Jun 12 11:39:14.985: RADIUS:  Calling-Station-Id  [31]  16  "001e.58a2.ba4b"
Jun 12 11:39:14.985: RADIUS:  Service-Type        [6]   6   Login                     [1]
Jun 12 11:39:14.985: RADIUS:  Message-Authenticato[80]  18  
Jun 12 11:39:14.985: RADIUS:   63 30 E2 67 34 27 2D 93 C2 BD 0E F8 B0 E2 2D EF           [ c0g4'--]
Jun 12 11:39:14.985: RADIUS:  EAP-Message         [79]  107
Jun 12 11:39:14.985: RADIUS:   02 03 00 69 19 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 53 99 BB 5F 6E 1D 89 61 75 51 D9 7C C3 55 88 C7 E8 DF 37 E9 EB 1D 8C 21 09 0D 8C C5 59 47  [i_ZVS_nauQ|U7!YG]
Jun 12 11:39:14.985: RADIUS:   AD B1 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00              [ /528]
Jun 12 11:39:14.985: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Jun 12 11:39:14.985: RADIUS:  NAS-Port            [5]   6   278                       
Jun 12 11:39:14.985: RADIUS:  NAS-Port-Id         [87]  5   "278"
Jun 12 11:39:14.985: RADIUS:  State               [24]  38  
Jun 12 11:39:14.985: RADIUS:   21 0E 03 C7 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 7B 20 F6 EE            [ !7 0{ ]
Jun 12 11:39:14.985: RADIUS:  NAS-IP-Address      [4]   6   172.16.254.116            
Jun 12 11:39:14.989: RADIUS:  Nas-Identifier      [32]  4   "ap"
Jun 12 11:39:14.989: RADIUS(00000063): Sending a IPv4 Radius Packet
Jun 12 11:39:14.989: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:19.597: RADIUS(00000063): Request timed out
Jun 12 11:39:19.597: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:19.597: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:23.981: RADIUS(00000063): Request timed out
Jun 12 11:39:23.981: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:23.981: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:28.365: RADIUS(00000063): Request timed out
Jun 12 11:39:28.365: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:28.365: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:33.005: RADIUS(00000063): Request timed out
Jun 12 11:39:33.005: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:33.005: RADIUS(00000063): Started 5 sec timeout
Jun 12 11:39:37.389: RADIUS(00000063): Request timed out
Jun 12 11:39:37.389: RADIUS: Fail-over denied to  (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:37.389: RADIUS: No response from (172.16.0.32:1812,1813) for id 1645/18
Jun 12 11:39:37.389: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Jun 12 11:39:37.389: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

 

 

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Actions

This Discussion

 

 

Trending Topics - Security & Network