ā09-06-2013 06:48 AM - edited ā03-10-2019 08:52 PM
I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. These is the debug output from the AAA process.
*Mar 7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1re
sp-id:2, waiting for response
*Mar 7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,181
3 is not responding.
*Mar 7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,18
13 is being marked alive.
*Mar 7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retries
ā09-07-2013 11:37 PM
You need to look into the RADIUS server logs to see the reason of the failure.
What do the logs on the RADIUS say about this client?
Rating useful replies is more useful than saying "Thank you"
ā09-11-2013 05:02 PM
Kindly get verified the configuration and the compatibility if there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: