Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 1141 2008R2 NPS Radius Issues

I've turned debugging on the AP and while I suspect it's something wrong with the 2008R2 box, I was hoping for some insight here.

Relevant parts of our 1141 config

While I'd love to format these snippets properly, I'm not seeing any place that shows that tags this forum uses...

[quote]

aaa new-model

aaa group server radius rad_acct

server 10.1.1.6 auth-port 1812 acct-port 1813

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

dot11 ssid AMIR

   vlan 100

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication key-management wpa version 2

   mbssid guest-mode

interface Dot11Radio0

encryption vlan 100 mode ciphers aes-ccm

ssid AMIR

radius-server host 10.1.1.6 auth-port 1812 acct-port 1813 key 7< SNIP>

[/quote]

Logs from NPS 2008R2 server showing successful auth (Reason code 0)

[quote]

<Event><Timestamp data_type="4">02/11/2014 11:37:51.222</Timestamp><Computer-Name data_type="1">DC</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Framed-MTU data_type="0">1400</Framed-MTU><Called-Station-Id data_type="1">0008.30b7.eb31</Called-Station-Id><Calling-Station-Id data_type="1">001c.bf15.012f</Calling-Station-Id><Service-Type data_type="0">1</Service-Type><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">361</NAS-Port><NAS-Port-Id data_type="1">361</NAS-Port-Id><NAS-IP-Address data_type="3">10.1.1.239</NAS-IP-Address><NAS-Identifier data_type="1">AMI_AP_1141</NAS-Identifier><Client-IP-Address data_type="3">10.1.1.239</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">AMI_AP_1141</Client-Friendly-Name><User-Name data_type="1">earth\platinum</User-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">EARTH\platinum</SAM-Account-Name><Class data_type="1">311 1 10.1.1.6 01/31/2014 04:40:54 210</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Cisco AP Radius</NP-Policy-Name><Fully-Qualifed-User-Name data_type="1">Earth.local/Users/Platinum Systems</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

<Event><Timestamp data_type="4">02/11/2014 11:37:51.222</Timestamp><Computer-Name data_type="1">DC</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.1.1.6 01/31/2014 04:40:54 210</Class><Session-Timeout data_type="0">30</Session-Timeout><Fully-Qualifed-User-Name data_type="1">Earth.local/Users/Platinum Systems</Fully-Qualifed-User-Name><Client-IP-Address data_type="3">10.1.1.239</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">AMI_AP_1141</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">EARTH\platinum</SAM-Account-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Cisco AP Radius</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event

<Event><Timestamp data_type="4">02/11/2014 11:37:51.222</Timestamp><Computer-Name data_type="1">DC</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Framed-MTU data_type="0">1400</Framed-MTU><Called-Station-Id data_type="1">0008.30b7.eb31</Called-Station-Id><Calling-Station-Id data_type="1">001c.bf15.012f</Calling-Station-Id><Service-Type data_type="0">1</Service-Type><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">361</NAS-Port><NAS-Port-Id data_type="1">361</NAS-Port-Id><NAS-IP-Address data_type="3">10.1.1.239</NAS-IP-Address><NAS-Identifier data_type="1">AMI_AP_1141</NAS-Identifier><Client-IP-Address data_type="3">10.1.1.239</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">AMI_AP_1141</Client-Friendly-Name><User-Name data_type="1">earth\platinum</User-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">EARTH\platinum</SAM-Account-Name><Class data_type="1">311 1 10.1.1.6 01/31/2014 04:40:54 210</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Cisco AP Radius</NP-Policy-Name><Fully-Qualifed-User-Name data_type="1">Earth.local/Users/Platinum Systems</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

<Event><Timestamp data_type="4">02/11/2014 11:37:51.222</Timestamp><Computer-Name data_type="1">DC</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.1.1.6 01/31/2014 04:40:54 210</Class><Session-Timeout data_type="0">30</Session-Timeout><Fully-Qualifed-User-Name data_type="1">Earth.local/Users/Platinum Systems</Fully-Qualifed-User-Name><Client-IP-Address data_type="3">10.1.1.239</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">AMI_AP_1141</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">EARTH\platinum</SAM-Account-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Cisco AP Radius</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event

[/quote]

Debug logs from AP

[quote]

Feb 11 12:04:31.698 CST: dot11_auth_add_client_entry: Create new client 001c.bf15.012f for application 0x1

Feb 11 12:04:31.698 CST: dot11_auth_initialize_client: 001c.bf15.012f is added to the client list for application 0x1

Feb 11 12:04:31.698 CST: dot11_auth_add_client_entry: req->auth_type 0

Feb 11 12:04:31.698 CST: dot11_auth_add_client_entry: auth_methods_inprocess: 2

Feb 11 12:04:31.698 CST: dot11_auth_add_client_entry: eap list name: eap_methods

Feb 11 12:04:31.698 CST: dot11_run_auth_methods: Start auth method EAP or LEAP

Feb 11 12:04:31.698 CST: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Feb 11 12:04:31.698 CST: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001c.bf15.012f

Feb 11 12:04:31.698 CST: EAPOL pak dump tx

Feb 11 12:04:31.698 CST: EAPOL Version: 0x1  type: 0x0  length: 0x002F

Feb 11 12:04:31.698 CST: EAP code: 0x1  id: 0x1  length: 0x002F type: 0x1

060050F0:                   0100002F 0101002F          .../.../

06005100: 01006E65 74776F72 6B69643D 414D4952  ..networkid=AMIR

06005110: 2C6E6173 69643D41 4D495F41 505F3131  ,nasid=AMI_AP_11

06005120: 34312C70 6F727469 643D30             41,portid=0

Feb 11 12:04:31.698 CST: dot11_auth_send_msg:  sending data to requestor status 1

Feb 11 12:04:31.699 CST: dot11_auth_send_msg: Sending EAPOL to requestor

Feb 11 12:04:31.699 CST: dot11_auth_dot1x_send_id_req_to_client: Client 001c.bf15.012f timer started for 30 seconds

Feb 11 12:04:31.769 CST: dot11_auth_parse_client_pak: Received EAPOL packet from 001c.bf15.012f

Feb 11 12:04:31.769 CST: EAPOL pak dump rx

Feb 11 12:04:31.769 CST: EAPOL Version: 0x1  type: 0x1  length: 0x0000

063D2110:                            01010000              ....

063D2120:

Feb 11 12:04:31.769 CST: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001c.bf15.012f

Feb 11 12:04:31.770 CST: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001c.bf15.012f

Feb 11 12:04:31.770 CST: EAPOL pak dump tx

Feb 11 12:04:31.770 CST: EAPOL Version: 0x1  type: 0x0  length: 0x002F

Feb 11 12:04:31.770 CST: EAP code: 0x1  id: 0x2  length: 0x002F type: 0x1

060049A0:                   0100002F 0102002F          .../.../

060049B0: 01006E65 74776F72 6B69643D 414D4952  ..networkid=AMIR

060049C0: 2C6E6173 69643D41 4D495F41 505F3131  ,nasid=AMI_AP_11

060049D0: 34312C70 6F727469 643D30             41,portid=0

Feb 11 12:04:31.770 CST: dot11_auth_send_msg:  sending data to requestor status 1

Feb 11 12:04:31.770 CST: dot11_auth_send_msg: Sending EAPOL to requestor

Feb 11 12:04:31.770 CST: dot11_auth_dot1x_send_id_req_to_client: Client 001c.bf15.012f timer started for 30 seconds

Feb 11 12:04:31.778 CST: dot11_auth_parse_client_pak: Received EAPOL packet from 001c.bf15.012f

Feb 11 12:04:31.779 CST: EAPOL pak dump rx

Feb 11 12:04:31.779 CST: EAPOL Version: 0x1  type: 0x0  length: 0x0021

Feb 11 12:04:31.779 CST: EAP code: 0x2  id: 0x1  length: 0x0021 type: 0x1

063453F0:                   01000021 02010021          ...!...!

06345400: 01686F73 742F5434 33302D77 696E382E  .host/T430-win8.

06345410: 73686164 796C6177 6E2E6E65 74        shadylawn.net

Feb 11 12:04:31.779 CST: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response

Feb 11 12:04:31.788 CST: dot11_auth_parse_client_pak: Received EAPOL packet from 001c.bf15.012f

Feb 11 12:04:31.788 CST: EAPOL pak dump rx

Feb 11 12:04:31.788 CST: EAPOL Version: 0x1  type: 0x0  length: 0x0021

Feb 11 12:04:31.788 CST: EAP code: 0x2  id: 0x2  length: 0x0021 type: 0x1

0639A880:                            01000021              ...!

0639A890: 02020021 01686F73 742F5434 33302D77  ...!.host/T430-w

0639A8A0: 696E382E 73686164 796C6177 6E2E6E65  in8.shadylawn.ne

0639A8B0: 74                                   t

Feb 11 12:04:31.789 CST: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001c.bf15.012f

Feb 11 12:04:31.789 CST: dot11_auth_dot1x_send_response_to_server: Sending client 001c.bf15.012f data to server

Feb 11 12:04:31.789 CST: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Feb 11 12:04:31.789 CST: RADIUS/ENCODE(00000079):Orig. component type = DOT11

Feb 11 12:04:31.789 CST: RADIUS:  AAA Unsupported Attr: ssid              [265] 4

Feb 11 12:04:31.790 CST: RADIUS:   41 4D                                            [AM]

Feb 11 12:04:31.790 CST: RADIUS:  AAA Unsupported Attr: interface         [157] 3

Feb 11 12:04:31.790 CST: RADIUS:   33                                               [3]

Feb 11 12:04:31.790 CST: RADIUS(00000079): Config NAS IP: 10.1.1.239

Feb 11 12:04:31.790 CST: RADIUS/ENCODE(00000079): acct_session_id: 121

Feb 11 12:04:31.790 CST: RADIUS(00000079): Config NAS IP: 10.1.1.239

Feb 11 12:04:31.790 CST: RADIUS(00000079): sending

Feb 11 12:04:31.790 CST: RADIUS(00000079): Send Access-Request to 10.1.1.6:1812 id 1645/90, len 183

Feb 11 12:04:31.790 CST: RADIUS:  authenticator 45 39 4E 67 33 B5 9A 62 - 55 0A 9F 47 BF DA 6D 84

Feb 11 12:04:31.791 CST: RADIUS:  User-Name           [1]   30  "host/T430-win8.shadylawn.net"

Feb 11 12:04:31.791 CST: RADIUS:  Framed-MTU          [12]  6   1400           

Feb 11 12:04:31.791 CST: RADIUS:  Called-Station-Id   [30]  16  "0008.30b7.eb31"

Feb 11 12:04:31.791 CST: RADIUS:  Calling-Station-Id  [31]  16  "001c.bf15.012f"

Feb 11 12:04:31.791 CST: RADIUS:  Service-Type        [6]   6   Login                     [1]

Feb 11 12:04:31.791 CST: RADIUS:  Message-Authenticato[80]  18

Feb 11 12:04:31.791 CST: RADIUS:   48 49 1E 9F EE 5B 0B 34 2D 90 13 D1 76 D3 38 6C  [HI???[?4-???v?8l]

Feb 11 12:04:31.791 CST: RADIUS:  EAP-Message         [79]  35

Feb 11 12:04:31.791 CST: RADIUS:   02 02 00 21 01 68 6F 73 74 2F 54 34 33 30 2D 77  [???!?host/T430-w]

Feb 11 12:04:31.791 CST: RADIUS:   69 6E 38 2E 73 68 61 64 79 6C 61 77 6E 2E 6E 65  [in8.shadylawn.ne]

Feb 11 12:04:31.791 CST: RADIUS:   74                                               [t]

Feb 11 12:04:31.791 CST: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

Feb 11 12:04:31.791 CST: RADIUS:  NAS-Port            [5]   6   375            

Feb 11 12:04:31.791 CST: RADIUS:  NAS-Port-Id         [87]  5   "375"

Feb 11 12:04:31.791 CST: RADIUS:  NAS-IP-Address      [4]   6   10.1.1.239     

Feb 11 12:04:31.791 CST: RADIUS:  Nas-Identifier      [32]  13  "AMI_AP_1141"

Feb 11 12:04:34.077 CST: RADIUS: Received from id 1645/90 10.1.1.6:1812, Access-Reject, len 44

Feb 11 12:04:34.077 CST: RADIUS:  authenticator 31 65 3D 39 05 5C 9D 99 - 48 F4 C1 3E 78 6F C9 1E

Feb 11 12:04:34.077 CST: RADIUS:  EAP-Message         [79]  6

Feb 11 12:04:34.078 CST: RADIUS:   04 02 00 04                                      [????]

Feb 11 12:04:34.078 CST: RADIUS:  Message-Authenticato[80]  18

Feb 11 12:04:34.078 CST: RADIUS:   7C 6D 5C BD FC BB C0 CA 63 92 5B 89 CC 2D 06 7E  [|m\?????c?[??-?~]

Feb 11 12:04:34.078 CST: RADIUS(00000079): Received from id 1645/90

Feb 11 12:04:34.078 CST: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

Feb 11 12:04:34.078 CST: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL

Feb 11 12:04:34.079 CST: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Feb 11 12:04:34.079 CST: Client 001c.bf15.012f failed: by EAP authentication server

Feb 11 12:04:34.079 CST: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 001c.bf15.012f

Feb 11 12:04:34.079 CST: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001c.bf15.012f

Feb 11 12:04:34.079 CST: EAPOL pak dump tx

Feb 11 12:04:34.079 CST: EAPOL Version: 0x1  type: 0x0  length: 0x0004

Feb 11 12:04:34.079 CST: EAP code: 0x4  id: 0x2  length: 0x0004

06003890:                   01000004 04020004          ........

060038A0:

Feb 11 12:04:34.079 CST: dot11_auth_send_msg:  sending data to requestor status 1

Feb 11 12:04:34.079 CST: dot11_auth_send_msg: Sending EAPOL to requestor

Feb 11 12:04:34.079 CST: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Feb 11 12:04:34.079 CST: dot11_auth_dot1x_send_client_fail: Authentication failed for 001c.bf15.012f

Feb 11 12:04:34.079 CST: dot11_auth_send_msg:  sending data to requestor status 0

Feb 11 12:04:34.079 CST: dot11_auth_send_msg: client FAILED to authenticate 001c.bf15.012f, node_type 64 for application 0x1

Feb 11 12:04:34.080 CST: dot11_auth_delete_client_entry: 001c.bf15.012f is deleted for application 0x1

Feb 11 12:04:34.080 CST: %DOT11-7-AUTH_FAILED: Station 001c.bf15.012f Authentication failed

Feb 11 12:04:34.080 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f

Feb 11 12:04:34.080 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f

Feb 11 12:04:34.080 CST: dot11_auth_client_abort: Received abort request for client 001c.bf15.012f

Feb 11 12:04:34.080 CST: dot11_auth_client_abort: No client entry to abort: 001c.bf15.012f for application 0x1

Feb 11 12:04:34.495 CST: dot11_auth_add_client_entry: Create new client 001c.bf15.012f for application 0x1

Feb 11 12:04:34.495 CST: dot11_auth_initialize_client: 001c.bf15.012f is added to the client list for application 0x1

Feb 11 12:04:34.495 CST: dot11_auth_add_client_entry: req->auth_type 0

Feb 11 12:04:34.495 CST: dot11_auth_add_client_entry: auth_methods_inprocess: 2

Feb 11 12:04:34.495 CST: dot11_auth_add_client_entry: eap list name: eap_methods

Feb 11 12:04:34.495 CST: dot11_run_auth_methods: Start auth method EAP or LEAP

Feb 11 12:04:34.495 CST: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Feb 11 12:04:34.495 CST: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001c.bf15.012f

Feb 11 12:04:34.495 CST: EAPOL pak dump tx

Feb 11 12:04:34.495 CST: EAPOL Version: 0x1  type: 0x0  length: 0x002F

Feb 11 12:04:34.496 CST: EAP code: 0x1  id: 0x1  length: 0x002F type: 0x1

060055D0:                   0100002F 0101002F          .../.../

060055E0: 01006E65 74776F72 6B69643D 414D4952  ..networkid=AMIR

060055F0: 2C6E6173 69643D41 4D495F41 505F3131  ,nasid=AMI_AP_11

06005600: 34312C70 6F727469 643D30             41,portid=0

Feb 11 12:04:34.496 CST: dot11_auth_send_msg:  sending data to requestor status 1

Feb 11 12:04:34.496 CST: dot11_auth_send_msg: Sending EAPOL to requestor

Feb 11 12:04:34.496 CST: dot11_auth_dot1x_send_id_req_to_client: Client 001c.bf15.012f timer started for 30 seconds

Feb 11 12:04:34.552 CST: dot11_auth_parse_client_pak: Received EAPOL packet from 001c.bf15.012f

Feb 11 12:04:34.552 CST: EAPOL pak dump rx

Feb 11 12:04:34.552 CST: EAPOL Version: 0x1  type: 0x1  length: 0x0000

063D0160: 01010000                             ....

Feb 11 12:04:34.553 CST: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001c.bf15.012f

Feb 11 12:04:34.553 CST: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001c.bf15.012f

Feb 11 12:04:34.553 CST: EAPOL pak dump tx

Feb 11 12:04:34.553 CST: EAPOL Version: 0x1  type: 0x0  length: 0x002F

Feb 11 12:04:34.553 CST: EAP code: 0x1  id: 0x2  length: 0x002F type: 0x1

06000560:                   0100002F 0102002F          .../.../

06000570: 01006E65 74776F72 6B69643D 414D4952  ..networkid=AMIR

06000580: 2C6E6173 69643D41 4D495F41 505F3131  ,nasid=AMI_AP_11

06000590: 34312C70 6F727469 643D30             41,portid=0

Feb 11 12:04:34.553 CST: dot11_auth_send_msg:  sending data to requestor status 1

Feb 11 12:04:34.553 CST: dot11_auth_send_msg: Sending EAPOL to requestor

Feb 11 12:04:34.554 CST: dot11_auth_dot1x_send_id_req_to_client: Client 001c.bf15.012f timer started for 30 seconds

Feb 11 12:05:04.557 CST: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 001c.bf15.012f

Feb 11 12:05:04.557 CST: dot11_auth_dot1x_send_client_fail: Authentication failed for 001c.bf15.012f

Feb 11 12:05:04.557 CST: dot11_auth_send_msg:  sending data to requestor status 0

Feb 11 12:05:04.557 CST: dot11_auth_send_msg: client FAILED to authenticate 001c.bf15.012f, node_type 64 for application 0x1

Feb 11 12:05:04.557 CST: dot11_auth_delete_client_entry: 001c.bf15.012f is deleted for application 0x1

Feb 11 12:05:04.557 CST: %DOT11-7-AUTH_FAILED: Station 001c.bf15.012f Authentication failed

Feb 11 12:05:04.557 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f

Feb 11 12:05:04.558 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f

Feb 11 12:05:04.558 CST: dot11_auth_client_abort: Received abort request for client 001c.bf15.012f

Feb 11 12:05:04.558 CST: dot11_auth_client_abort: No client entry to abort: 001c

.bf15.012f for application 0x1

Feb 11 12:05:04.557 CST: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 001c.bf15.012f
Feb 11 12:05:04.557 CST: dot11_auth_dot1x_send_client_fail: Authentication failed for 001c.bf15.012f
Feb 11 12:05:04.557 CST: dot11_auth_send_msg:  sending data to requestor status 0
Feb 11 12:05:04.557 CST: dot11_auth_send_msg: client FAILED to authenticate 001c.bf15.012f, node_type 64 for application 0x1
Feb 11 12:05:04.557 CST: dot11_auth_delete_client_entry: 001c.bf15.012f is deleted for application 0x1
Feb 11 12:05:04.557 CST: %DOT11-7-AUTH_FAILED: Station 001c.bf15.012f Authentication failed
Feb 11 12:05:04.557 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f
Feb 11 12:05:04.558 CST: dot11_aaa_upd_accounting: Updating attributes for user: 001c.bf15.012f
Feb 11 12:05:04.558 CST: dot11_auth_client_abort: Received abort request for client 001c.bf15.012f
Feb 11 12:05:04.558 CST: dot11_auth_client_abort: No client entry to abort: 001c.bf15.012f for application 0x1

[/quote]

  • Other Wireless - Mobility Subjects
3 REPLIES
Hall of Fame Super Silver

Re: Cisco 1141 2008R2 NPS Radius Issues

William,

Can you provide more info? Is this affecting every user on the wireless? Only some users? Maybe only one AP or certain devices? I'm assuming this has worked in the past?

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Re: Cisco 1141 2008R2 NPS Radius Issues

This affects all users and APs (only setting up one AP to test for now)

I imported 2008 R2 NPS settings from another server that has this working, so apart from a certificate issue it should be good (CA role is installed, registered in active directory, etc.)

The AP config is also based upon a working one at another location

This setup however is new

Thanks!

Hall of Fame Super Silver

Cisco 1141 2008R2 NPS Radius Issues

So the problem is most likely the NPS server.  You mentioned you took the config from a working NPS server and imported it onto the one your using now.  I would test using NTRadPing:

http://www.novell.com/coolsolutions/tools/14377.html

Load this onto a PC and create a AAA client with the ip of the PC and test if radius is working.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
482
Views
0
Helpful
3
Replies
This widget could not be displayed.