Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

eap-tls over isdn ppp links

Does anybody know if the new ppp authentication eap command support eap-tls (certifcate based) over´ppp on dialer interfaces ?

The EAP-MD5 auth method against ACS 3.0 works from a W2K dialin client, but no EAP-TLS with a cert ?

9 REPLIES
Bronze

Re: eap-tls over isdn ppp links

EAP-TLS is transparent to the cisco; it would act as a proxy, and forward everything to an external server. So any question of support *should* only depend on the external server being used.

I don't know much about ACS, but it looks like you should have at least 3.0(1.20). I also see CSCdv51783, fixed in 5.0(4), which says "Changed EAP type from EAP-TLS to "Host Based EAP", which means ANY type of host based EAP". I'm not really sure what that means, though...

New Member

Re: eap-tls over isdn ppp links

I tried out the scenario you described with an ACS 3.0(1.20) and a C800 acting as dialin-in router. In the incoming dialer pool i defined 'ppp authentication eap' wich leads - when i look to the debug output - into something weird. Using EAP-MD5 challenge on the W2K box against the ACS works fine. Setting the W2K box to a certbased EAP-PPP-auth leads to an endless PPP auth handshaking state on the C800. The C800 is rejecting the EAP method and tries to propose EAP-MD5 to the W2K box. Actual 12.x IOS is used. So it seems that the EAP method itself does matter to the Cisco.

Bronze

Re: eap-tls over isdn ppp links

Can you please send

debug ppp negot

debug ppp authen

debug ppp error

for both scenarios?

New Member

Re: eap-tls over isdn ppp links

Sorry for the delay.

Attaching information is a bit too much for the forum. I´ve sent it to you via e-Mail.

Everybody else interested in the output contact me.

New Member

Re: eap-tls over isdn ppp links

Mark, email did not work, so here we go:

EAP-MD5, working

----------------------------------------------------

dialin#sh deb

General OS:

AAA Authentication debugging is on

PPP:

PPP authentication debugging is on

PPP protocol errors debugging is on

PPP protocol negotiation debugging is on

dialin#

dialin#

00:21:163208757248: BR0:1 PPP: Phase is DOWN, Setup

00:21:164017224240: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

00:21:38: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

00:21:38: BR0:1 PPP: Authorization NOT required

00:21:38: BR0:1 PPP: Treating connection as a callin

00:21:38: BR0:1 PPP: Phase is ESTABLISHING, Passive Open

00:21:38: BR0:1 LCP: State is Listen

00:21:38: BR0:1 LCP: I CONFREQ [Listen] id 0 len 50

00:21:38: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:21:38: BR0:1 LCP: MagicNumber 0x57C35D76 (0x050657C35D76)

00:21:38: BR0:1 LCP: PFC (0x0702)

00:21:38: BR0:1 LCP: ACFC (0x0802)

00:21:38: BR0:1 LCP: Callback 6 (0x0D0306)

00:21:38: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:21:38: BR0:1 LCP: EndpointDisc 1 Local

00:21:38: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:21:38: BR0:1 LCP: (0x573AFD00000000)

00:21:38: BR0:1 LCP: O CONFREQ [Listen] id 1 len 31

00:21:38: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:21:38: BR0:1 LCP: MagicNumber 0x508748B4 (0x0506508748B4)

00:21:38: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:21:38: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:21:38: BR0:1 LCP: LinkDiscriminator 4 (0x17040004)

00:21:38: BR0:1 LCP: O CONFREJ [Listen] id 0 len 7

00:21:38: BR0:1 LCP: Callback 6 (0x0D0306)

00:21:38: BR0:1 LCP: I CONFREJ [REQsent] id 1 len 8

00:21:38: BR0:1 LCP: LinkDiscriminator 4 (0x17040004)

00:21:38: BR0:1 LCP: O CONFREQ [REQsent] id 2 len 27

00:21:38: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:21:38: BR0:1 LCP: MagicNumber 0x508748B4 (0x0506508748B4)

00:21:38: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:21:38: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:21:38: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 47

00:21:38: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:21:38: BR0:1 LCP: MagicNumber 0x57C35D76 (0x050657C35D76)

00:21:38: BR0:1 LCP: PFC (0x0702)

00:21:38: BR0:1 LCP: ACFC (0x0802)

00:21:38: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:21:38: BR0:1 LCP: EndpointDisc 1 Local

00:21:38: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:21:38: BR0:1 LCP: (0x573AFD00000000)

00:21:38: BR0:1 LCP: O CONFACK [REQsent] id 1 len 47

00:21:38: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:21:38: BR0:1 LCP: MagicNumber 0x57C35D76 (0x050657C35D76)

00:21:38: BR0:1 LCP: PFC (0x0702)

00:21:38: BR0:1 LCP: ACFC (0x0802)

00:21:38: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:21:38: BR0:1 LCP: EndpointDisc 1 Local

00:21:38: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:21:38: BR0:1 LCP: (0x573AFD00000000)

00:21:38: BR0:1 LCP: I CONFACK [ACKsent] id 2 len 27

00:21:38: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:21:38: BR0:1 LCP: MagicNumber 0x508748B4 (0x0506508748B4)

00:21:38: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:21:38: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:21:38: BR0:1 LCP: State is Open

00:21:38: BR0:1 PPP: Phase is AUTHENTICATING, by this end

00:21:38: BR0:1 EAP: O REQUEST IDENTITY id 6 len 5

00:21:38: BR0:1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x57C35D76 MSRASV5.00

00:21:38: BR0:1 LCP: I IDENTIFY [Open] id 3 len 20 magic 0x57C35D76 MSRAS-0-ODIN

00:21:38: BR0:1 EAP: I RESPONSE IDENTITY id 6 len 9 from "depp"

00:21:38: BR0:1 EAP: O REQUEST MD5 id 8 len 28 from "dialin"

00:21:38: BR0:1 EAP: I RESPONSE MD5 id 8 len 26 from "depp"

00:21:38: BR0:1 PPP: Phase is FORWARDING, Attempting Forward

00:21:38: BR0:1 PPP: Phase is AUTHENTICATING, Unauthenticated User

00:21:38: AAA/AUTHEN/PPP (00000006): Pick method list 'eap-auth'

00:21:38: BR0:1 PPP: Sent CHAP LOGIN Request to AAA

00:21:39: BR0:1 PPP: Received LOGIN Response from AAA = PASS

00:21:39: BR0:1 PPP: Phase is FORWARDING, Attempting Forward

00:21:39: BR0:1 PPP: Phase is AUTHENTICATING, Authenticated User

00:21:39: BR0:1 EAP: O SUCCESS id 8 len 4

00:21:39: BR0:1 PPP: Phase is VIRTUALIZED

00:21:39: Di1 MLP: Added first link BR0:1 to bundle depp

00:21:39: Di1 PPP: Authorization NOT required

00:21:39: Di1 PPP: Treating connection as a callout

00:21:39: Di1 PPP: Phase is UP

00:21:39: Di1 CCP: O CONFREQ [Closed] id 2 len 10

00:21:39: Di1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

00:21:39: Di1 CDPCP: O CONFREQ [Closed] id 2 len 4

00:21:39: Di1 IPCP: O CONFREQ [Closed] id 2 len 10

00:21:39: Di1 IPCP: Address 192.168.1.200 (0x0306C0A801C8)

00:21:39: Di1 CCP: I CONFREQ [REQsent] id 4 len 10

00:21:39: Di1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

00:21:39: Di1 CCP: O CONFACK [REQsent] id 4 len 10

00:21:39: Di1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

00:21:39: Di1 CCP: I CONFACK [ACKsent] id 2 len 10

00:21:39: Di1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

00:21:39: Di1 CCP: State is Open

00:21:39: BR0:1 LCP: I PROTREJ [Open] id 6 len 10 protocol CDPCP (0x820701020004)

00:21:39: Di1 CDPCP: State is Listen

00:21:39: Di1 IPCP: I CONFREQ [REQsent] id 5 len 40

00:21:39: Di1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

00:21:39: Di1 IPCP: Address 0.0.0.0 (0x030600000000)

00:21:39: Di1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

00:21:39: Di1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

00:21:39: Di1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

00:21:39: Di1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

00:21:39: Di1 IPCP: Pool returned 192.168.1.211

00:21:39: Di1 IPCP: O CONFREJ [REQsent] id 5 len 28

00:21:39: Di1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

00:21:39: Di1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

00:21:39: Di1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

00:21:39: Di1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

00:21:39: Di1 IPCP: I CONFACK [REQsent] id 2 len 10

00:21:39: Di1 IPCP: Address 192.168.1.200 (0x0306C0A801C8)

00:21:39: Di1 IPCP: I CONFREQ [ACKrcvd] id 7 len 16

00:21:39: Di1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

00:21:39: Di1 IPCP: Address 0.0.0.0 (0x030600000000)

00:21:39: Di1 IPCP: O CONFNAK [ACKrcvd] id 7 len 10

00:21:39: Di1 IPCP: Address 192.168.1.211 (0x0306C0A801D3)

00:21:39: Di1 IPCP: I CONFREQ [ACKrcvd] id 8 len 16

00:21:39: Di1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

00:21:39: Di1 IPCP: Address 192.168.1.211 (0x0306C0A801D3)

00:21:39: Di1 IPCP: O CONFACK [ACKrcvd] id 8 len 16

00:21:39: Di1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

00:21:39: Di1 IPCP: Address 192.168.1.211 (0x0306C0A801D3)

00:21:39: Di1 IPCP: State is Open

00:21:39: Di1 IPCP: Install route to 192.168.1.211

00:21:39: Di1 IPCP: Add link info for cef entry 192.168.1.211

00:21:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

00:21:44: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 20 depp

00:22:04: BR0:1 LCP: I TERMREQ [Open] id 9 len 16 (0x57C35D76003CCD7400000000)

00:22:04: BR0:1 LCP: O TERMACK [Open] id 9 len 4

00:22:04: BR0:1 CCP: State is Closed

00:22:04: BR0:1 PPP: Phase is TERMINATING

00:22:04: Di1 CCP: State is Closed

00:22:04: Di1 CDPCP: State is Closed

00:22:04: Di1 IPCP: Remove link info for cef entry 192.168.1.211

00:22:04: Di1 IPCP: State is Closed

00:22:04: Di1 PPP: Phase is TERMINATING

00:22:04: Di1 LCP: State is Closed

00:22:04: Di1 PPP: Phase is DOWN

00:22:04: Di1 IPCP: Remove route to 192.168.1.211

00:22:17230200832: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 20 depp, call

lasted 26 seconds

00:22:17179869184: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

00:22:17180641791: BR0:1 LCP: State is Closed

00:22:17179869184: BR0:1 PPP: Phase is DOWN

00:22:17179869867: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

00:22:04: BR0:1 LCP: State is Closed

00:22:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down

dialin#

----------------------------------------------------

EAP-TLS with X.509 cert not, ACK-NAK does not stop

----------------------------------------------------

00:27:125379817526: BR0:1 PPP: Phase is DOWN, Setup

00:27:125362518578: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

00:27:29: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

00:27:29: BR0:1 PPP: Authorization NOT required

00:27:29: BR0:1 PPP: Treating connection as a callin

00:27:29: BR0:1 PPP: Phase is ESTABLISHING, Passive Open

00:27:29: BR0:1 LCP: State is Listen

00:27:29: BR0:1 LCP: I CONFREQ [Listen] id 0 len 50

00:27:29: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:27:29: BR0:1 LCP: MagicNumber 0x56225B3A (0x050656225B3A)

00:27:29: BR0:1 LCP: PFC (0x0702)

00:27:29: BR0:1 LCP: ACFC (0x0802)

00:27:29: BR0:1 LCP: Callback 6 (0x0D0306)

00:27:29: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:27:29: BR0:1 LCP: EndpointDisc 1 Local

00:27:29: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:27:29: BR0:1 LCP: (0x573AFD00000000)

00:27:29: BR0:1 LCP: O CONFREQ [Listen] id 1 len 31

00:27:29: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:27:29: BR0:1 LCP: MagicNumber 0x508CA40B (0x0506508CA40B)

00:27:29: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:27:29: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:27:29: BR0:1 LCP: LinkDiscriminator 5 (0x17040005)

00:27:29: BR0:1 LCP: O CONFREJ [Listen] id 0 len 7

00:27:29: BR0:1 LCP: Callback 6 (0x0D0306)

00:27:29: BR0:1 LCP: I CONFREJ [REQsent] id 1 len 8

00:27:29: BR0:1 LCP: LinkDiscriminator 5 (0x17040005)

00:27:29: BR0:1 LCP: O CONFREQ [REQsent] id 2 len 27

00:27:29: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:27:29: BR0:1 LCP: MagicNumber 0x508CA40B (0x0506508CA40B)

00:27:29: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:27:29: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:27:29: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 47

00:27:29: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:27:29: BR0:1 LCP: MagicNumber 0x56225B3A (0x050656225B3A)

00:27:29: BR0:1 LCP: PFC (0x0702)

00:27:29: BR0:1 LCP: ACFC (0x0802)

00:27:29: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:27:29: BR0:1 LCP: EndpointDisc 1 Local

00:27:29: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:27:29: BR0:1 LCP: (0x573AFD00000000)

00:27:29: BR0:1 LCP: O CONFACK [REQsent] id 1 len 47

00:27:29: BR0:1 LCP: ACCM 0x00000000 (0x020600000000)

00:27:29: BR0:1 LCP: MagicNumber 0x56225B3A (0x050656225B3A)

00:27:29: BR0:1 LCP: PFC (0x0702)

00:27:29: BR0:1 LCP: ACFC (0x0802)

00:27:29: BR0:1 LCP: MRRU 1614 (0x1104064E)

00:27:29: BR0:1 LCP: EndpointDisc 1 Local

00:27:29: BR0:1 LCP: (0x13170166AE72CD43E34586BE7454B981)

00:27:29: BR0:1 LCP: (0x573AFD00000000)

00:27:29: BR0:1 LCP: I CONFACK [ACKsent] id 2 len 27

00:27:29: BR0:1 LCP: AuthProto EAP (0x0304C227)

00:27:29: BR0:1 LCP: MagicNumber 0x508CA40B (0x0506508CA40B)

00:27:29: BR0:1 LCP: MRRU 1524 (0x110405F4)

00:27:29: BR0:1 LCP: EndpointDisc 1 dialin (0x1309016469616C696E)

00:27:29: BR0:1 LCP: State is Open

00:27:29: BR0:1 PPP: Phase is AUTHENTICATING, by this end

00:27:29: BR0:1 EAP: O REQUEST IDENTITY id 8 len 5

00:27:29: BR0:1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x56225B3A MSRASV5.00

00:27:29: BR0:1 LCP: I IDENTIFY [Open] id 3 len 20 magic 0x56225B3A MSRAS-0-ODIN

00:27:29: BR0:1 EAP: I RESPONSE IDENTITY id 8 len 25 from "peter.schiek@vpn.net"

00:27:29: BR0:1 EAP: O REQUEST MD5 id 10 len 28 from "dialin"

00:27:29: BR0:1 EAP: I RESPONSE NAK id 10 len 6

00:27:29: BR0:1 EAP: O REQUEST MD5 id 11 len 28 from "dialin"

00:27:29: BR0:1 EAP: I RESPONSE NAK id 11 len 6

00:27:29: BR0:1 EAP: O REQUEST MD5 id 12 len 28 from "dialin"

00:27:29: BR0:1 EAP: I RESPONSE NAK id 12 len 6

00:27:29: BR0:1 EAP: O REQUEST MD5 id 13 len 28 from "dialin"

00:27:29: BR0:1 EAP: I RESPONSE NAK id 13 len 6

00:27:29: BR0:1 EAP: O REQUEST MD5 id 14 len 28 from "dialin"

00:27:29: BR0:1 EAP: I RESPONSE NAK id 14 len 6

00:27:29: BR0:1 EAP: O REQUEST MD5 id 15 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 15 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 16 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 16 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 17 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 17 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 18 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 18 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 19 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 19 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 20 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 20 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 21 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 21 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 22 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 22 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 23 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 23 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 24 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 24 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 25 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 25 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 26 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 26 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 27 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 27 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 28 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 28 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 29 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 29 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 30 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 30 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 31 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RÅES NAK id 38 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 39 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 39 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 40 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 40 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 41 len 28 from "dialin"

00:27:30: BR0:1 EAP: I RESPONSE NAK id 41 len 6

00:27:30: BR0:1 EAP: O REQUEST MD5 id 42 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 42 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 43 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 43 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 44 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 44 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 45 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 45 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 46 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 46 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 47 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 47 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 48 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 48 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 49 len 28 from "dialin"

00:27:31: BR0:1 EAP: éES NAK id 56 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 57 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 57 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 58 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 58 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 59 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 59 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 60 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 60 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 61 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 61 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 62 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 62 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 63 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 63 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 64 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 64 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 65 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 65 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 66 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 66 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 67 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 67 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 68 len 28 from "dialin"

00:27:31: BR0:1 EAP: I RESPONSE NAK id 68 len 6

00:27:31: BR0:1 EAP: O REQUEST MD5 id 69 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 69 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 70 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 70 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 71 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 71 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 72 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 72 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 73 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 73 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 74 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 74 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 75 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 75 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 76 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 76 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 77 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 77 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 78 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 78 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 79 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 79 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 80 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 80 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 81 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 81 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 82 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 82 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 83 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 83 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 84 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 84 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 85 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 85 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 86 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 86 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 87 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 87 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 88 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 88 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 89 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 89 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 90 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 90 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 91 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 91 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 92 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 92 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 93 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 93 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 94 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 94 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 95 len 28 from "dialin"

00:27:32: BR0:1 EAP: I RESPONSE NAK id 95 len 6

00:27:32: BR0:1 EAP: O REQUEST MD5 id 96 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 96 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 97 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 97 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 98 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 98 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 99 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 99 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 100 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 100 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 101 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 101 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 102 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 102 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 103 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 103 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 104 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 104 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 105 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 105 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 106 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 106 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 107 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 107 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 108 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 108 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 109 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 109 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 110 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 110 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 111 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 111 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 112 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 112 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 113 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 113 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 114 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 114 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 115 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 115 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 116 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 116 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 117 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 117 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 118 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 118 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 119 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 119 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 120 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 120 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 121 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 121 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 122 len 28 from "dialin"

00:27:33: BR0:1 EAP: I RESPONSE NAK id 122 len 6

00:27:33: BR0:1 EAP: O REQUEST MD5 id 123 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 123 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 124 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 124 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 125 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 125 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 126 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 126 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 127 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 127 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 128 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 128 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 129 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 129 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 130 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 130 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 131 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 131 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 132 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 132 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 133 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 133 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 134 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 134 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 135 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 135 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 136 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 136 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 137 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 137 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 138 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 138 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 139 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 139 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 140 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 140 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 141 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 141 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 142 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 142 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 143 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 143 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 144 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 144 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 145 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 145 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 146 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 146 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 147 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 147 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 148 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 148 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 149 len 28 from "dialin"

00:27:34: BR0:1 EAP: I RESPONSE NAK id 149 len 6

00:27:34: BR0:1 EAP: O REQUEST MD5 id 150 len 28 from "dialin"

00:27:35: BR0:1 EAP: I RESPONSE NAK id 150 len 6

00:27:35: BR0:1 EAP: O REQUEST MD5 id 151 len 28 from "dialin"

00:27:35: BR0:1 EAP: I RESPONSE NAK id 151 len 6

00:27:35: BR0:1 EAP: O REQUEST MD5 id 152 len 28 from "dialin"

00:27:35: BR0:1 EAP: I RESPONSE NAK id 152 len 6

00:27:35: BR0:1 EAP: O REQUEST MD5 id 153 len 28 from "dial

dialin#

----------------------------------------------------

Bronze

Re: eap-tls over isdn ppp links

I never asked the most important question...what version do you have? EAP support came out initially for natively EAP-MD5; support for EAP-proxy (which is what my first answer addressed) is not fully released yet, it's only available for internal images. The next release that you probably want to look at is either 12.2(2)XB5, or 12.2(10)T (although the numbering could change).

New Member

Re: eap-tls over isdn ppp links

Here we go...

Cisco Internetwork Operating System Software

IOS (tm) C800 Software (C800-K9OSY6-MW), Version 12.2(8)T, RELEASE SOFTWARE (fc2)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Thu 14-Feb-02 13:17 by ccai

Image text-base: 0x00195000, data-base: 0x00C54000

ROM: TinyROM version 1.0(2)

dialin uptime is 8 minutes

System returned to ROM by power-on

System image file is "flash:c800-k9osy6-mw.122-8.T.bin"

Cisco C801 (MPC850) processor (revision 0) with 54528K bytes of virtual memory.

Processor board ID JAD03130352 (1659123888)

CPU part number 0x2100

X.25 software, Version 3.0.0.

Bridging software.

Basic Rate ISDN software, Version 1.1.

1 Ethernet/IEEE 802.3 interface(s)

1 ISDN Basic Rate interface(s)

12M bytes of physical memory (DRAM)

8K bytes of non-volatile configuration memory

8M bytes of flash on board (4M from flash card)

Configuration register is 0x2102

Bronze

Re: eap-tls over isdn ppp links

Yeah, it looks like you will need to wait for 12.2(10)T for the eap-proxy stuff. Sorry for the delay in getting to the bottom line.

New Member

Re: eap-tls over isdn ppp links

Never mind, i´m glad anyone was even able to tell me that EAP-TLS support will be supported for PPP links.

So i´ll wait for 12.2(10)T and maybe i´ll get back to you ;-)

Thanks a lot.

144
Views
0
Helpful
9
Replies
CreatePlease to create content