Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 871w, radius server local, and leap or eap-fast will not authenticate

Hello, i trying to setup eap-fast or leap on my 871w.  i belive i have it confiured correctly but i can not get any device to authenticate to router.  Below is the confiureation that i being used.  any help would be welcome!

!

! Last configuration change at 15:51:30 AZT Wed Jan 4 2012 by testtest

! NVRAM config last updated at 15:59:37 AZT Wed Jan 4 2012 by testtest

!

version 12.4

configuration mode exclusive auto

service nagle

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service linenumber

service pt-vty-logging

service sequence-numbers

!

hostname router871

!

boot-start-marker

boot-end-marker

!

logging count

logging message-counter syslog

logging buffered 4096

logging rate-limit 512 except critical

logging console critical

enable secret 5 <omitted>

!

aaa new-model

!

!

aaa group server radius rad-test3

server 192.168.16.49 auth-port 1812 acct-port 1813

!

aaa authentication login default local

aaa authentication login eap-methods group rad-test3

aaa authorization exec default local

!

!

aaa session-id common

clock timezone AZT -7

clock save interval 8

!

!

dot11 syslog

!

dot11 ssid test2

vlan 2

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 <omitted>

!

dot11 ssid test1

vlan 1

authentication open

authentication key-management wpa

wpa-psk ascii 7 <omitted>

!

dot11 ssid test3

vlan 3

authentication open eap eap-methods

authentication network-eap eap-methods

!

no ip source-route

no ip gratuitous-arps

ip options drop

ip dhcp bootp ignore

ip dhcp excluded-address 192.162.16.49 192.162.16.51

ip dhcp excluded-address 192.168.16.33

ip dhcp excluded-address 192.168.16.1 192.168.16.4

!

ip dhcp pool vlan1pool

   import all

   network 192.168.16.0 255.255.255.224

   default-router 192.168.16.1

   domain-name test1.local.home

   lease 4

!

ip dhcp pool vlan2pool

   import all

   network 192.168.16.32 255.255.255.240

   default-router 192.168.16.33

   domain-name test2.local.home

   lease 0 6

!

ip dhcp pool vlan3pool

   import all

   network 192.168.16.48 255.255.255.240

   default-router 192.168.16.49

   domain-name test3.local.home

   lease 2

!

!

ip cef

ip inspect alert-off

ip inspect max-incomplete low 25

ip inspect max-incomplete high 50

ip inspect one-minute low 25

ip inspect one-minute high 50

ip inspect udp idle-time 15

ip inspect tcp idle-time 1800

ip inspect tcp finwait-time 30

ip inspect tcp synwait-time 60

ip inspect tcp block-non-session

ip inspect tcp max-incomplete host 25 block-time 2

ip inspect name firewall tcp router-traffic

ip inspect name firewall ntp

ip inspect name firewall ftp

ip inspect name firewall udp router-traffic

ip inspect name firewall pop3

ip inspect name firewall pop3s

ip inspect name firewall imap

ip inspect name firewall imap3

ip inspect name firewall imaps

ip inspect name firewall smtp

ip inspect name firewall ssh

ip inspect name firewall icmp router-traffic timeout 10

ip inspect name firewall dns

ip inspect name firewall h323

ip inspect name firewall hsrp

ip inspect name firewall telnet

ip inspect name firewall tftp

no ip bootp server

no ip domain lookup

ip domain name local.home

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip accounting-threshold 100

ip accounting-list 192.168.16.0 0.0.0.31

ip accounting-list 192.168.16.32 0.0.0.15

ip accounting-list 192.168.16.48 0.0.0.15

ip accounting-transits 25

login block-for 120 attempts 5 within 60

login delay 5

login on-failure log

!

!

!

!

memory free low-watermark processor 65536

memory free low-watermark IO 16384

username testtest password 7 <omitted>

!

!

!

archive

log config

  logging enable

  logging size 255

  notify syslog contenttype plaintext

  hidekeys

path tftp://<omitted>/archive-config

write-memory

!

!

ip tcp synwait-time 10

ip ssh time-out 20

ip ssh authentication-retries 2

ip ssh logging events

ip ssh version 2

!

bridge irb

!

!

interface Loopback0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

!

interface Null0

no ip unreachables

!

interface FastEthernet0

switchport mode trunk

shutdown

!

interface FastEthernet1

switchport mode trunk

shutdown

!

interface FastEthernet2

shutdown

spanning-tree portfast

!

interface FastEthernet3

spanning-tree portfast

!

interface FastEthernet4

description Cox Internet Connection

ip address dhcp

ip access-group ingress-filter in

ip access-group egress-filter out

no ip redirects

no ip unreachables

no ip proxy-arp

ip accounting access-violations

ip flow ingress

ip flow egress

ip inspect firewall out

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1460

load-interval 30

duplex auto

speed auto

no cdp enable

!

interface Dot11Radio0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

!

encryption vlan 1 mode ciphers aes-ccm

!

!

encryption vlan 2 mode ciphers aes-ccm

!

encryption key 1 size 128bit 7 <omitted> transmit-key

encryption mode wep mandatory

!

broadcast-key vlan 1 change <omitted> membership-termination

!

broadcast-key vlan 3 change <omitted> membership-termination

!

broadcast-key vlan 2 change <omitted> membership-termination

!

!

ssid test2

!

ssid test1

!

ssid test3

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

no cdp enable

!

interface Dot11Radio0.1

description <omitted>

encapsulation dot1Q 1 native

no ip redirects

no ip unreachables

no ip proxy-arp

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.2

description <omitted>

encapsulation dot1Q 2

no ip redirects

no ip unreachables

no ip proxy-arp

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 spanning-disabled

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

!

interface Dot11Radio0.3

description <omitted>

encapsulation dot1Q 3

no ip redirects

no ip unreachables

no ip proxy-arp

bridge-group 3

bridge-group 3 subscriber-loop-control

bridge-group 3 spanning-disabled

bridge-group 3 block-unknown-source

no bridge-group 3 source-learning

no bridge-group 3 unicast-flooding

!

interface Vlan1

description <omitted>

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Vlan2

description <omitted>

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

bridge-group 2

bridge-group 2 spanning-disabled

!

interface Vlan3

description <omitted>

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

bridge-group 3

bridge-group 3 spanning-disabled

!

interface BVI1

description <omitted>

ip address 192.168.16.1 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

!

interface BVI2

description <omitted>

ip address 192.168.16.33 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

!

interface BVI3

description <omitted>

ip address 192.168.16.49 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

no ip http server

no ip http secure-server

ip http secure-ciphersuite 3des-ede-cbc-sha rc4-128-sha

ip http timeout-policy idle 5 life 43200 requests 5

ip flow-top-talkers

top 10

sort-by bytes

!

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.16.50 80 interface FastEthernet4 80

ip nat inside source static tcp 192.168.16.50 53 interface FastEthernet4 53

ip nat inside source static tcp 192.168.16.50 3074 interface FastEthernet4 3074

ip nat inside source static udp 192.168.16.50 3074 interface FastEthernet4 3074

ip nat inside source static udp 192.168.16.50 88 interface FastEthernet4 88

ip nat inside source static udp 192.168.16.50 53 interface FastEthernet4 53

!

ip access-list extended egress-filter

deny   ip any host <omitted>

deny   ip any host <omitted>

deny   ip host <omitted> any

deny   ip host <omitted> any

remark ----- Bogons Filter -----

deny   ip 0.0.0.0 0.255.255.255 any

deny   ip 10.0.0.0 0.10.9.255 any

deny   ip 10.0.0.0 0.10.13.255 any

deny   ip 127.0.0.0 0.255.255.255 any

deny   ip 169.254.0.0 0.0.255.255 any

deny   ip 172.16.0.0 0.15.255.255 any

deny   ip 192.0.0.0 0.0.0.255 any

deny   ip 192.0.2.0 0.0.0.255 any

deny   ip 192.168.0.0 0.0.15.255 any

deny   ip 192.168.0.0 0.0.255.255 any

deny   ip 198.18.0.0 0.1.255.255 any

deny   ip 198.51.100.0 0.0.0.255 any

deny   ip 203.0.113.0 0.0.0.255 any

deny   ip 224.0.0.0 31.255.255.255 any

remark ----- Internal networks -----

permit ip <omitted> 0.0.0.3 any

deny   ip any any log

ip access-list extended ingress-filter

remark ----- To get IP form COX -----

permit udp any eq bootps any eq bootpc

deny   icmp any any log

deny   udp any any eq echo

deny   udp any eq echo any

deny   tcp any any fragments

deny   udp any any fragments

deny   ip any any fragments

deny   ip any any option any-options

deny   ip any any ttl lt 4

deny   ip any host <omitted>

deny   ip any host <omitted>

deny   udp any any range 33400 34400

remark ----- Bogons Filter -----

deny   ip 0.0.0.0 0.255.255.255 any

deny   ip 10.0.0.0 0.255.255.255 any

deny   ip 127.0.0.0 0.255.255.255 any

deny   ip 169.254.0.0 0.0.255.255 any

deny   ip 172.16.0.0 0.15.255.255 any

deny   ip 192.0.0.0 0.0.0.255 any

deny   ip 192.0.2.0 0.0.0.255 any

deny   ip 192.168.0.0 0.0.255.255 any

deny   ip 198.18.0.0 0.1.255.255 any

deny   ip 198.51.100.0 0.0.0.255 any

deny   ip 203.0.113.0 0.0.0.255 any

deny   ip 224.0.0.0 31.255.255.255 any

remark ----- Internal networks -----

deny   ip 10.10.10.0 0.0.0.255 any

deny   ip 10.10.11.0 0.0.0.255 any

deny   ip 10.10.12.0 0.0.0.255 any

deny   ip any any log

!

access-list 1 permit 192.168.16.0 0.0.0.63

access-list 20 permit 127.127.1.1

access-list 20 permit 204.235.61.9

access-list 20 permit 173.201.38.85

access-list 20 permit 216.229.4.69

access-list 20 permit 152.2.21.1

access-list 20 permit 130.126.24.24

access-list 21 permit 192.168.16.0 0.0.0.63

!

!

!

radius-server local

no authentication mac

eapfast authority id <omitted>

eapfast authority info <omitted>

eapfast server-key primary 7 <omitted>

nas 192.168.16.49 key 7 <omitted>

group rad-test3

  vlan 3

  ssid test3

  !

user test nthash 7 <omitted> group rad-test3

user testtest nthash 7 <omitted> group rad-test3

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.16.49 auth-port 1812 acct-port 1813 key 7 <omitted>

radius-server vsa send accounting

control-plane host

!

control-plane transit

!

control-plane cef-exception

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

bridge 2 protocol ieee

bridge 2 route ip

bridge 3 protocol ieee

bridge 3 route ip

!

line con 0

password 7 <omitted>

logging synchronous

no modem enable

transport output telnet

line aux 0

password 7 <omitted>

logging synchronous

transport output telnet

line vty 0 4

password 7 <omitted>

logging synchronous

transport preferred ssh

transport input ssh

transport output ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

process cpu threshold type total rising 80 interval 10 falling 40 interval 10

ntp authentication-key 1 md5 <omitted> 7

ntp authenticate

ntp trusted-key 1

ntp source FastEthernet4

ntp access-group peer 20

ntp access-group serve-only 21

ntp master 1

ntp server 152.2.21.1 maxpoll 4

ntp server 204.235.61.9 maxpoll 4

ntp server 130.126.24.24 maxpoll 4

ntp server 216.229.4.69 maxpoll 4

ntp server 173.201.38.85 maxpoll 4

end

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Cisco 871w, radius server local, and leap or eap-fast will n

Here is a link that might help

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/ns855/white_paper_c11-492842.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
3 REPLIES
Hall of Fame Super Silver

Re: Cisco 871w, radius server local, and leap or eap-fast will n

Here is a link that might help

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/ns855/white_paper_c11-492842.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Cisco 871w, radius server local, and leap or eap-fast will not a

so this what i am getting now for debug? any thoughs?

010724: Jan  5 16:26:04.527 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/2

010725: Jan  5 16:26:08.976 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/2

010726: Jan  5 16:26:08.976 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL

010727: Jan  5 16:26:08.976 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

010728: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL

010729: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

010730: Jan  5 16:26:08.976 AZT: Client d8b3.7759.0488 failed: EAP reason 1

010731: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1

010732: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488

010733: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488

010734: Jan  5 16:26:08.976 AZT: EAPOL pak dump tx

010735: Jan  5 16:26:08.976 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0004

010736: Jan  5 16:26:08.976 AZT: EAP code: 0x4  id: 0x1  length: 0x0004

0AD05650:                   01000004 04010004          ........

0AD05660:

010737: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010738: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010739: Jan  5 16:26:08.980 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

010740: Jan  5 16:26:08.980 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488

010741: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg:  sending data to requestor status 0

010742: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1

010743: Jan  5 16:26:08.980 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1

010744: Jan  5 16:26:08.984 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed

010745: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1

010746: Jan  5 16:26:09.624 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1

010747: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: req->auth_type 0

010748: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2

010749: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: eap list name: eap-methods

010750: Jan  5 16:26:09.624 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP

010751: Jan  5 16:26:09.624 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

010752: Jan  5 16:26:09.624 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488

010753: Jan  5 16:26:09.624 AZT: EAPOL pak dump tx

010754: Jan  5 16:26:09.624 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031

010755: Jan  5 16:26:09.624 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1

0AD05B50:                   01000031 01010031          ...1...1

0AD05B60: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys

0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route

0AD05B80: 72383731 2C706F72 7469643D 30        r871,portid=0

010756: Jan  5 16:26:09.644 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010757: Jan  5 16:26:09.648 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010758: Jan  5 16:26:09.648 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds

010759: Jan  5 16:26:09.656 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488

010760: Jan  5 16:26:09.656 AZT: EAPOL pak dump rx

010761: Jan  5 16:26:09.656 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0009

010762: Jan  5 16:26:09.656 AZT: EAP code: 0x2  id: 0x1  length: 0x0009 type: 0x1

0B060D50:                   01000009 02010009          ........

0B060D60: 01746573 74                          .test

010763: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488

010764: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server

010765: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

010766: Jan  5 16:26:09.664 AZT: RADIUS/ENCODE(00000198):Orig. component type = DOT11

010767: Jan  5 16:26:09.664 AZT: RADIUS:  AAA Unsupported Attr: ssid              [282] 8

010768: Jan  5 16:26:09.664 AZT: RADIUS:   74 6F 79 73 6F 6E                                [toyson]

010769: Jan  5 16:26:09.664 AZT: RADIUS:  AAA Unsupported Attr: interface         [175] 3

010770: Jan  5 16:26:09.664 AZT: RADIUS:   36                                               [6]

010771: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49

010772: Jan  5 16:26:09.664 AZT: RADIUS/ENCODE(00000198): acct_session_id: 408

010773: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49

010774: Jan  5 16:26:09.664 AZT: RADIUS(00000198): sending

010775: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Send Access-Request to 162.168.16.49:1645 id 1645/3, len 133

010776: Jan  5 16:26:09.664 AZT: RADIUS:  authenticator BF 69 DD DF 89 1F C6 FB - EF EC 12 EB C5 3F 3A CD

010777: Jan  5 16:26:09.664 AZT: RADIUS:  User-Name           [1]   6   "test"

010778: Jan  5 16:26:09.664 AZT: RADIUS:  Framed-MTU          [12]  6   1400

010779: Jan  5 16:26:09.664 AZT: RADIUS:  Called-Station-Id   [30]  16  "0019.3075.e660"

010780: Jan  5 16:26:09.664 AZT: RADIUS:  Calling-Station-Id  [31]  16  "d8b3.7759.0488"

010781: Jan  5 16:26:09.668 AZT: RADIUS:  Service-Type        [6]   6   Login                     [1]

010782: Jan  5 16:26:09.668 AZT: RADIUS:  Message-Authenticato[80]  18

010783: Jan  5 16:26:09.668 AZT: RADIUS:   5B FA 47 07 0E E3 4B 71 7F 60 6E 4E 91 37 84 A6  [[?G???Kq?`nN?7??]

010784: Jan  5 16:26:09.668 AZT: RADIUS:  EAP-Message         [79]  11

010785: Jan  5 16:26:09.668 AZT: RADIUS:   02 01 00 09 01 74 65 73 74                       [?????test]

010786: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

010787: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port            [5]   6   661

010788: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port-Id         [87]  5   "661"

010789: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-IP-Address      [4]   6   192.168.16.49

010790: Jan  5 16:26:09.668 AZT: RADIUS:  Nas-Identifier      [32]  11  "router871"

010791: Jan  5 16:26:14.501 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3

router871#

010792: Jan  5 16:26:19.018 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3

router871#

010793: Jan  5 16:26:23.739 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3

router871#

010794: Jan  5 16:26:28.700 AZT: RADIUS: Fail-over to (162.168.16.49:1812,1813) for id 1645/3

router871#

010795: Jan  5 16:26:33.629 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3

router871#

010796: Jan  5 16:26:38.494 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3

router871#

010797: Jan  5 16:26:39.794 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488

010798: Jan  5 16:26:39.794 AZT: EAPOL pak dump rx

010799: Jan  5 16:26:39.794 AZT: EAPOL Version: 0x1  type: 0x1  length: 0x0000

0AD053D0:                   01010000                   ....

010800: Jan  5 16:26:39.798 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for d8b3.7759.0488

010801: Jan  5 16:26:39.798 AZT: dot11_auth_dot1x_ignore_event: Ignore event: do nothing

router871#

010802: Jan  5 16:26:43.007 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3

router871#

010803: Jan  5 16:26:47.336 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/3

010804: Jan  5 16:26:47.336 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL

010805: Jan  5 16:26:47.336 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

010806: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL

010807: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

010808: Jan  5 16:26:47.336 AZT: Client d8b3.7759.0488 failed: EAP reason 1

010809: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1

010810: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488

010811: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488

010812: Jan  5 16:26:47.336 AZT: EAPOL pak dump tx

010813: Jan  5 16:26:47.336 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0004

010814: Jan  5 16:26:47.336 AZT: EAP code: 0x4  id: 0x1  length: 0x0004

0B060710:                   01000004 04010004          ........

0B060720:

010815: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010816: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010817: Jan  5 16:26:47.340 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

010818: Jan  5 16:26:47.340 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488

010819: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg:  sending data to requestor status 0

010820: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1

router871#

010821: Jan  5 16:26:47.340 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1

010822: Jan  5 16:26:47.344 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed

010823: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1

010824: Jan  5 16:26:47.972 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1

010825: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: req->auth_type 0

010826: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2

010827: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: eap list name: eap-methods

010828: Jan  5 16:26:47.976 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP

010829: Jan  5 16:26:47.976 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

010830: Jan  5 16:26:47.976 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488

010831: Jan  5 16:26:47.976 AZT: EAPOL pak dump tx

010832: Jan  5 16:26:47.976 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031

010833: Jan  5 16:26:47.976 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1

0AD05B50:                   01000031 01010031          ...1...1

0AD05B60: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys

0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route

0AD05B80: 72383731 2C706F72 7469643D 30        r871,portid=0

010834: Jan  5 16:26:47.996 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010835: Jan  5 16:26:47.996 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010836: Jan  5 16:26:47.996 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds

010837: Jan  5 16:26:47.996 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488

010838: Jan  5 16:26:47.996 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1

router871#

010839: Jan  5 16:26:47.996 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1

router871#

010840: Jan  5 16:26:58.634 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1

010841: Jan  5 16:26:58.634 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1

010842: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: req->auth_type 0

010843: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2

010844: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: eap list name: eap-methods

010845: Jan  5 16:26:58.638 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP

010846: Jan  5 16:26:58.638 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

010847: Jan  5 16:26:58.638 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488

010848: Jan  5 16:26:58.638 AZT: EAPOL pak dump tx

010849: Jan  5 16:26:58.638 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031

010850: Jan  5 16:26:58.638 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1

0B060710:                   01000031 01010031          ...1...1

0B060720: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys

0B060730: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route

0B060740: 72383731 2C706F72 7469643D 30        r871,portid=0

010851: Jan  5 16:26:58.658 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010852: Jan  5 16:26:58.658 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010853: Jan  5 16:26:58.658 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds

010854: Jan  5 16:27:01.603 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488

010855: Jan  5 16:27:01.603 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1

010856: Jan  5 16:27:01.603 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1

010857: Jan  5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list ingress-filter denied tcp 32.42.41.254(57443) -> 72.201.117.84(59652), 1 packet

010858: Jan  5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list egress-filter denied tcp 22.3.184.118(0) -> 74.125.53.188(0), 4 packets

010859: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1

010860: Jan  5 16:27:12.261 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1

010861: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: req->auth_type 0

010862: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2

010863: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: eap list name: eap-methods

010864: Jan  5 16:27:12.261 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP

010865: Jan  5 16:27:12.261 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

010866: Jan  5 16:27:12.261 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488

010867: Jan  5 16:27:12.261 AZT: EAPOL pak dump tx

010868: Jan  5 16:27:12.261 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031

010869: Jan  5 16:27:12.261 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1

0B060FD0:                   01000031 01010031          ...1...1

0B060FE0: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys

0B060FF0: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route

0B061000: 72383731 2C706F72 7469643D 30        r871,portid=0

010870: Jan  5 16:27:12.285 AZT: dot11_auth_send_msg:  sending data to requestor status 1

010871: Jan  5 16:27:12.285 AZT: dot11_auth_send_msg: Sending EAPOL to requestor

010872: Jan  5 16:27:12.285 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds

010873: Jan  5 16:27:12.293 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488

010874: Jan  5 16:27:12.293 AZT: EAPOL pak dump rx

010875: Jan  5 16:27:12.293 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0009

010876: Jan  5 16:27:12.293 AZT: EAP code: 0x2  id: 0x1  length: 0x0009 type: 0x1

0AD05290:                   01000009 02010009          ........

0AD052A0: 01746573 74                          .test

010877: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488

010878: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server

010879: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

010880: Jan  5 16:27:12.301 AZT: RADIUS/ENCODE(0000019B):Orig. component type = DOT11

010881: Jan  5 16:27:12.305 AZT: RADIUS:  AAA Unsupported Attr: ssid              [282] 8

010882: Jan  5 16:27:12.305 AZT: RADIUS:   74 6F 79 73 6F 6E                                [toyson]

010883: Jan  5 16:27:12.305 AZT: RADIUS:  AAA Unsupported Attr: interface         [175] 3

010884: Jan  5 16:27:12.305 AZT: RADIUS:   36                                               [6]

010885: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49

010886: Jan  5 16:27:12.305 AZT: RADIUS/ENCODE(0000019B): acct_session_id: 411

010887: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49

010888: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): sending

010889: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Send Access-Request to 162.168.16.49:1645 id 1645/4, len 133

010890: Jan  5 16:27:12.305 AZT: RADIUS:  authenticator 6F 6C 63 31 88 DE 30 A2 - C2 06 12 EB 50 A3 53 36

010891: Jan  5 16:27:12.305 AZT: RADIUS:  User-Name           [1]   6   "test"

010892: Jan  5 16:27:12.305 AZT: RADIUS:  Framed-MTU          [12]  6   1400

010893: Jan  5 16:27:12.305 AZT: RADIUS:  Called-Station-Id   [30]  16  "0019.3075.e660"

010894: Jan  5 16:27:12.305 AZT: RADIUS:  Calling-Station-Id  [31]  16  "d8b3.7759.0488"

010895: Jan  5 16:27:12.305 AZT: RADIUS:  Service-Type        [6]   6   Login                     [1]

010896: Jan  5 16:27:12.305 AZT: RADIUS:  Message-Authenticato[80]  18

010897: Jan  5 16:27:12.305 AZT: RADIUS:   9D D5 62 1A 38 13 94 30 3A 43 D7 A4 AE A4 43 64  [??b?8??0:C????Cd]

010898: Jan  5 16:27:12.305 AZT: RADIUS:  EAP-Message         [79]  11

010899: Jan  5 16:27:12.305 AZT: RADIUS:   02 01 00 09 01 74 65 73 74                       [?????test]

010900: Jan  5 16:27:12.305 AZT: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

010901: Jan  5 16:27:12.305 AZT: RADIUS:  NAS-Port            [5]   6   664

010902: Jan  5 16:27:12.309 AZT: RADIUS:  NAS-Port-Id         [87]  5   "664"

010903: Jan  5 16:27:12.309 AZT: RADIUS:  NAS-IP-Address      [4]   6   192.168.16.49

010904: Jan  5 16:27:12.309 AZT: RADIUS:  Nas-Identifier      [32]  11  "router871"

010905: Jan  5 16:27:16.642 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/4

New Member

Cisco 871w, radius server local, and leap or eap-fast will not a

i am also getting the login prompt for a user name or password

1624
Views
0
Helpful
3
Replies
CreatePlease login to create content