Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

dot1x authentication using Radius 2003 and cat 6513

Hi,

I have installed a new Radius server on 2003 enterprise edition and configured my cat 6513(cat OS) as radius client.

When I test my radius server using Xp client, I get authentication failure log message and the client is not able to log on to the domain.

I am using PEAP-MSCHAP-V2 as the authentication method.dot1x has been configured on the switchport where client Xp is connected.

I cannot understand where the things are going wrong.

Pls help

4 REPLIES
VIP Purple

Re: dot1x authentication using Radius 2003 and cat 6513

Hello Sagar,

a cople of things could be going wrong here. Which RADIUS server software are you using ? I know of one problem that can be fixed for XP clients by means of a hotfix, check this link:

PEAP authentication is not successful when you connect to a third-party RADIUS server

http://support.microsoft.com/kb/885453/en-us

Also, which CatOS version are you running ?

Regards,

GP

Community Member

Re: dot1x authentication using Radius 2003 and cat 6513

Hi Georg,

I am using the IAS feature of Windows 2003.

The IOS version of my CatOS is 6.4(10).

Regards

Sagar

Community Member

Re: dot1x authentication using Radius 2003 and cat 6513

In Windows Server 2003 there's a registry setting to check all the fields of the Radius packet. (Google for it). My _strong_ recommendation is to turn this feature off.

Community Member

Re: dot1x authentication using Radius 2003 and cat 6513

Hi,

There was a remote access policy that was configured as Ethernet. When I remove that policy, I was able to logon. Here's the IAS log which defines NAs port-type="not present" which I am not able to understand.

User ITLINFOSYS\sagar_shetty was granted access.

Fully-Qualified-User-Name = ad.infosys.com/IND/BLR/KEC/Users/GEN/Sagar Ramanna Shetty

NAS-IP-Address = XX.YY.ZZ.AA

NAS-Identifier =

Client-Friendly-Name = B19_20 Radius Client

Client-IP-Address = AA.BB.CC.DD

Calling-Station-Identifier =

NAS-Port-Type =

NAS-Port =

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name = Connections to Microsoft Routing and Remote Access server

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

regards

202
Views
0
Helpful
4
Replies
CreatePlease to create content