Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

debug radius authentication

Hi folks,

I have this problem with my access to my wireless network.

my config of my AP 1250:

Building configuration...

Current configuration : 3991 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1
!
aaa new-model
!
aaa group server radius eap-tls
server 192.168.2.250 auth-port 1645 acct-port 1646
!

aaa authentication login rad_eap_list group eap-tls

!
aaa session-id common
clock summer-time verao09 date Mar 29 2009 1:00 Oct 25 2009 2:00
ip domain name domain
!
ip ssh time-out 40
ip ssh authentication-retries 2
dot11 activity-timeout client maximum 3600
!
dot11 ssid WiFi
   max-associations 50
   authentication open eap rad_eap_list
   guest-mode
   infrastructure-ssid optional
!
dot11 holdoff-time 5
dot11 aaa authentication attributes service login-only
dot11 aaa dot1x compliance draft10
power inline negotiation prestandard source
!

dot1x timeout supp-response 120
dot1x timeout reauth-period 5

!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers wep40
!
ssid WiFi
!
speed  24.0 36.0 48.0 basic-54.0 m9. m10. m11. m12. m13. m14. m15.
channel least-congested 2412 2437 2462
station-role root access-point
rts threshold 1024
rts retries 15
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers wep40
!
ssid WiFi
!
no dfs band block
speed  24.0 36.0 48.0 basic-54.0 m9. m10. m11. m12. m13. m14. m15.
channel width 40-above
channel dfs
station-role root access-point
rts retries 32
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

!

ip radius source-interface BVI1
!

radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.2.250 auth-port 1645 acct-port 1646 timeout 10 retransmit 5 key 7

00050316084E190703374D420C0F0005160E5E547F79747D
radius-server vsa send accounting
radius-server vsa send authentication
bridge 1 route ip
!
!
wlccp wds aaa authentication attributes service login-only
wlccp wds aaa dot1x compliance draft10
!

sntp server 192.168.2.21
end

my sh dot11 ass :


AP1l#sh dot11 ass

802.11 Client Stations on Dot11Radio1:SSID [WiFi] :

MAC Address    IP address      Device        Name            Parent         State
0024.2ba1.02b2 192.168.2.104    ccx-client    hostname-M      self           EAP-Assoc

log of my IAS :

User domain\user was granted access.

Fully-Qualified-User-Name = dc/

NAS-IP-Address = 192.168.2.9

NAS-Identifier = AP1

Client-Friendly-Name = AP-Cisco1250

Client-IP-Address = 192.168.2.9

Calling-Station-Identifier = 0024.2ba1.02b2

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 272

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = WIRELESS_ACCESS

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

my debug :

Dec  4 10:36:36.538: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Dec  4 10:36:36.538: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2

Dec  4 10:36:36.538: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

Dec  4 10:36:36.594: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2

Dec  4 10:36:36.594: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response

Dec  4 10:36:36.598: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.598: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.598: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.598: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.598: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.598: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.598: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.598: RADIUS(0000001A): sending

Dec  4 10:36:36.598: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/122, len 178

Dec  4 10:36:36.598: RADIUS:  authenticator 32 F7 ED CB F7 9E D5 DE - 0D 5A E3 8A A1 5C 92 9A

Dec  4 10:36:36.598: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.598: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.598: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.598: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.598: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.598: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.598: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.598: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.598: RADIUS:   26 84 2D 1D C4 87 F0 3D C7 15 F1 45 5D 0C 2F B1  [&?-????=5   "272"

Dec  4 10:36:36.598: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.9           

Dec  4 10:36:3?6.598: RADIUS:  Nas-Identifier      [32]  14  “AP1”??E

Dec  4 10:36:36.606: RADIUS: Received from id 1645/122 192.168.2.250:1645, Access-Challeng]e, len? 77

Dec  4 10:36:36.606: RADIUS:  authenticator 3E 90 7F C6 3A 0B 08 61 - 82 0B 69 2F 1C 3C 6B DB

Dec  4 10:36:36.606: RADIUS:  Session-Timeout     [27]  6  30                       

Dec  4 10:36:36.606: RADIUS:  EAP-Message         [79]  8  

Dec  4 10:36:36.606: RADIUS:   01 03 00 06 19 20                                [????? ]

Dec  4 10:36:36.606: RADIUS:  State               [24]  25 

Dec  4 10:36:36.606: RADIUS:   27 DE 05 59 00 00 01 37 00 /01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.606: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]?]

Dec  4 10:36:36.598: RADIUS:  EAP-Message         [79]  20 

Dec  4 10:36:36.598: RADIUS:   02 02 00 12 01 4E 42 50 5C 72 75 69 2E 70 65 64  [?????NBP\rui.ped]

Dec  4 10:36:36.598: RADIUS:   72 6F                                            [ro]

Dec  4 10:36:36.598: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

Dec  4 10:36:36.598: RADIUS:  NAS-Port            [5]   6   272                      

Dec  4 10:36:36.598: RADIUS:  NAS-Port-Id         [87] 

Dec  4 10:36:36.606: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.606: RADIUS:   A0 54 AF FE 0D 3F D9 22 BC 92 45 11 EB 90 30 B1  [?T?????"??E???0?]

Dec  4 10:36:36.606: RADIUS(0000001A): Received from id 1645/122

Dec  4 10:36:36.606: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.606: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.606: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.606: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.606: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.606: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.606: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.610: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.610: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.610: RADIUS(0000001A): sending

Dec  4 10:36:36.610: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/123, len 297

Dec  4 10:36:36.610: RADIUS:  authenticator EE B4 E3 90 6E F5 14 87 - 43 46 1C 5C CB B9 72 12

Dec  4 10:36:36.610: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.610: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.610: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.610: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.610: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.610: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.610: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.610: RADIUS: Message-Authenticato[80]  18 

Dec  4 10:36:36.610: RADIUS:   94 50 24 90 DF 7F 08 28 85 80 FE 0C 77 5F D1 79  [?P$????(????w_?y]

Dec 8  26 CC 2D 9F 58 8C A3 56 CB FD  [?4?????&?-?X??V??]

Dec  4 10:36:36.610: RADIUS:   3B C3 9F 26 47 75 00 16 00 04 00 05 00 0A 00 09  [;??&Gu??????????] 10:

Dec  4 10:36:36.610: RADIUS:   00 64 00 62 3060 03 00 06 00 1:3 00 12 00 63 01 00  [?d?b??????3???c??]

Dec  4 10:36:36.610: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

Dec  4 10:36:36.610: RADIUS:  NAS-Port            [5]   6   2672                       .

Dec  4 10:36:36.610: RADIUS:  NAS-Port-Id         [87]  5   "272"6

Dec  4 10:36:36.610: RADIUS:  State               [24]  25 

Dec  4 10:36:36.610: RADIUS:   27 DE 051 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]0

Dec  4 10:36:36.610: RADIUS:   00 03 46 F9 CE CE 00                 :            [??F????]

Dec  4 10:36:36.610: RADIUS:  NAS-IP-Addre ss      [4]   6   192.168.2.9            RADIUUSS:  Nas-Identifie:r       [32]  14 “AP1”

Dec  4 10:36:36.610: RADIUS: Received from id 1645/123 192.168.2.250:1645, Access-Challenge, leAn 203

Dec  4 10:36:36.610: RADIUS:  authenticator 14 FB 86 DB 15 CE 01 47 - 0A 54 82 36 45 A1 5B BF

Dec  4 10:36:36.610: RADIUS:  Session-Timeout     [27]  6   P30                       

Dec  4 10:36:36.610: RADIUS:  EAP-Message         [79]  134

Dec  4 10:36:36.610: RADIUS:   01 04 00 84 19 80 00 00 00 7A 16 03 01 00 4A 02  [?????????z????J?]-

Dec  4 10:36:36.610: RADIUS:   00 00 46 03 01 4B 18 E6 34 4F DA 75 97 A5 94 DB  [??F??K??4O?u????]Message        

Dec  4 10:36:36.610: RADIUS:   7B 14 B3 63 24 04 13 2D 0B 2[C 71 15 36 08 E5 5C  [{??c$??-?,q?6??\]

Dec  4 10:36:36.610: RADIUS:   14 AE F5 48 34 20 A2 03 00 00 CC 78 DE D6 7A 80  [???H4 ?????x??z?]

Dec  4 10:36:36.610: RADIUS:   EB 10 C4 15 EE C8 26 C7C9 2D 9F 58 8C A3 56 CB FD  [????]??&?-?X??V??]

Dec  4 10:36:36.610: RADIUS:   3B C3 9F 26 47 75 00 04 00 14 03 01 00 01 01 16  [;??&Gu??????????]

Dec  4 10:36:36.610: RADIUS:   03 01 00 20 D8   60 3C F0 63 1B 15 B0 9E EC 40 42  [1??? ?`<?c?????@B]

Dec  4 10:36:36.610: RADIUS:   F4 29 7A 91 88 F0 12 4B 58 73 3C 7A 7D CA 50 3A  [?)z????KXs<z}?P:]

Dec  4 10:36:36.610: RADIUS:   46 42 E8 F1E                                      [FB??]4

Dec  4 10:36:36.610: RADIUS:   02 03 00 70 19 80 00 00 00 66 16 03 01 00 61 01  [???p?????f????a?]

Dec  4 10:36:36.610: RADIUS:   00 00 5D 03 01 4B 18 E6 34 22 A4 6B 47 E4 CF A2  [??]??K??4"?kG???]

Dec  4 10:36:36.610: RADIUS:   ED 8E 13 99 CB 14 82 20 52 6C C5 D2 F4 50 1D 2B  [??????? Rl???P?+]

Dec  4 10:36:36.610: RADIUS:   13 C0 2A CA 5E 20 A2 03 00 00 CC 78 DE D6 7A 80  [??*?^ ?????x??z?]

Dec  4 10:36:36.610: RADIUS:   EB 10 C4 15 EE C

Dec  4 10:36:36.610: RADI

Dec 4 10:36:36.610: RADIUS:  State               [24]  25 

Dec  4 10:36:36.610: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.610: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.610: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.610: RADIUS:   BE 9F 1F 72 CC 10 69 55 95 14 CF A0 E7 0F 63 72  [???r??iU??????cr]

Dec  4 10:36:36.610: RADIUS(0000001A): Received from id 1645/123

Dec  4 10:36:36.610: RADIUS/DECODE: EAP-Message fragments, 132, total 132 bytes

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.610: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.610: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.610: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.610: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.614: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.614: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.614: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.618: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.618: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.618: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.618: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.618: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.618: RADIUS(0000001A): sending

Dec  4 10:36:36.618: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/124, len 238

Dec  4 10:36:36.618: RADIUS:  authenticator 66 7E 3C 3F 16 23 07 AC - 3E 36 1D 9C AA 5F EB 0D

Dec  4 10:36:36.618: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.618: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.618: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.618: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.618: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.618: RADIUS:   Cisco AVpair       [1]   18 "ssid=WiFi"

Dec ???]

Dec  4 10:36:36.618: RADIUS:   4A BF 52 98 34 47 E1 FF C3 06 72 D4 70 C9 2D 48  [J?R?4G????r?p?-H] 4 1

Dec  4 10:36:36.6180: RADIUS:   AB 73 0F 04 F1                                   [?s:???]

Dec  4 10:36:36.618: RADIUS:  NAS-Port-Type       [61]  6  3 802.11 wireless6 :          [19]

Dec  4 10:36:36.618: RADIUS:  NAS-Port            [5]   6   272                       3

Dec  4 10:36:36.618: RADIUS:  NAS-Port-Id6         [87]  5   "272"

Dec  4 10:36:36.618: RADIUS:  State               [24]  25 

Dec  4 10:36:36.618: RADIUS:   27 DE 05 59. 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.618: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.618: RADIUS:  NAS-IP-Address 6     [4]   6   192.168.2.9            18:

Dec  4 10:36:36.618: RADIUS:  Nas-Identifier      [32]  14  “AP1”

Dec  4 10:36:36.618: RADIUS: Received from id 1645/124 192.168.2.250:16R45, Access-Challenge, len 109

Dec  4 10:36:36.618: RADIUS:  authenticator C0 18 07 8C C4 2A F0 31 - 16 60 C0 96 64 B6 52 78

Dec  4 10:36:36.618: RADIUS:  Session-Timeout     [27]  6   30      A                 

Dec  4 10:36:36.618: RADIUS:  EAP-Message         [79]  40 

Dec  4 10:36:36.618: RADIUS:   01 07 00 26 19 00D 17 03 01 00 1B F6 6B D2 88 CA  I[???&????????k???]

Dec  4 10:36:36.618: RADIUS:   06 1E C6 82 0E EC 01 A0 A2 92 29 34 5A F8 64 84  [??????????)4Z?d?]US:  Service-Type S:   07 E8 22 F9 2F D7                                [??"?/?]

Dec  4 10:36:36.618: RADIUS:  State               [24]  25 

Dec  4 10:36:36.618: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.618: RADIUS:   00 03 46 F9  CE CE 00                             [??F????]

Dec  4 10:36:36.618: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.618: RADIUS:   91 BE D6 30 70 F7 9F  62 47 FA 82 B4 C7 4B 6B B4  [??? 0p??bG????Kk?]

Dec  4 10:36:36.618: RADIUS(0000001A): Received from id 1645/124

Dec  4 10:36:36.618: RADIUS/DECODE: EAP-Message fragments, 38, total 38 bytes[6]   6   Login                     [1]

Dec  4 10:36:36.618: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.618: RADIUS:   51 B8 65 4A 5C 98 6C FB 79 85 42 2D 21 B5 F6 2C  [Q?eJ\?l?y?B-!??,]

Dec  4 10:36:36.618: RADIUS:  EAP-Message         [79]  55 

Dec  4 10:36:36.618: RADIUS:   02 04 00 35 19 80 00 00 00 2B 14 03 01 00 01 01  [???5?????+??????]

Dec  4 10:36:36.618: RADIUS:   16 03 01 00 20 E3 63 51 83 5B CE D6 FE 09 E8 8E  [???? ?cQ?[???

Dec  4 10:36:36.618: RADIU

Dec  4 10:36:36.618: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE

Dec  4 10:36:36.618: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec

Dec  4 10:36:36.622: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.622: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds

Dec  4 10:36:36.622: dot11_auth_parse_client_pak: Received EAPOL packet from 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0024.2ba1.02b2

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_server: Sending client 0024.2ba1.02b2 data to server

Dec  4 10:36:36.622: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds

Dec  4 10:36:36.622: RADIUS/ENCODE(0000001A):Orig. component type = DOT11

Dec  4 10:36:36.622: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.622: RADIUS/ENCODE(0000001A): acct_session_id: 26

Dec  4 10:36:36.622: RADIUS(0000001A): Config NAS IP: 192.168.2.9

Dec  4 10:36:36.622: RADIUS(0000001A): sending

Dec  4 10:36:36.622: RADIUS(0000001A): Send Access-Request to 192.168.2.250:1645 id 1645/125, len 223

Dec  4 10:36:36.622: RADIUS:  authenticator 12 09 DE 4D 3C 6F BC B1 - 51 FF A4 CA 94 86 C7 82

Dec  4 10:36:36.622: RADIUS:  User-Name           [1]   15  "Domainname\username"

Dec  4 10:36:36.622: RADIUS:  Framed-MTU          [12]  6   1400                     

Dec  4 10:36:36.622: RADIUS:  Called-Station-Id   [30]  16  "0026.0bca.207a"

Dec  4 10:36:36.622: RADIUS:  Calling-Station-Id  [31]  16  "0024.2ba1.02b2"

Dec  4 10:36:36.622: RADIUS:  Vendor, Cisco       [26]  24 

Dec  4 10:36:36.622: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.622: RADIUS:  Service-Type        [6]   6   Login                     [1]

Dec  4 10:36:36.622: RADIUS:  Message-Authenticato[80]  18 

Dec  4 10:36:36.622: RADIUS:   FF DF 20 5B A4 9B 23 8E EF 2E C5 79 60 82 63 83  [?? [??#??.?y`?c?]

Dec 4 10:36:36.622: RADIUS:  EAP-Message         [79]  40 

Dec  4 10:36:36.622: RADIUS:   02 07 00 26 19 00 17 03 01 00 1B 19 AF 20 3B 8C  [???&????????? ;?]

Dec  4 10:36:36.622: RADIUS:   B6 EF 0E A9 33 61 98 0B C9 CD 41 B9 DE B3 67 7F  [????3a????A???g?]

Dec  4 10:36:36.622: RADIUS:   A7 03 36 97 3D 0B                                [??6?=?]

Dec  4 10:36:36.622: RADIUS:  NAS-Port-Type       [61]  6   802.1.29           

Dec  4 10:36:36.622: RADIUS:  Nas-Identifier      [32]  14  “AP1”1 w

Dec  4 10:36:36.626: RADIUS: Received from id 1645/125 192.168.2.250:1645, Access-Accept, len 264i

Dec  4 10:36:36.626: RADIUS:  aurtehenticator EE 15 69 1F 76 E4 4D 5F - 8D 16 BF 08 AA 17 0D 6B

Dec  4 10:36:36.626: RADIUS:  Framed-MTU          [12]  6   1400                      l

e

sDec  4 10:36:36.626: RADIUS:  Idle-Timeout        [28]  6   120                       s

Dec  4 10:36:36.626: RADIUS:  Service-Type        [6]   6   Authen Only               [8]

Dec  4 10:36:36.626: RADIUS:  Framed-IP-Address   [8]  6    192.168.2.104          

Dec  4 10:36:36.626: RADIUS:  EAP-Message         [79]  6      

Dec  4 10:36:36.626: RADIUS:   03 0 8 00 04                                      [????]

Dec  4 10:36:36.626: RADIUS:  Class               [25]  32 

Dec  4 10:36:36.626: RADIUS:   64 84 07 C7 00 00 01 37 00 01 C0 A8 C8 11 01 CA   [d??????7????????]

Dec  4 10:36:36.626: RADIUS:   73 6B 60 98 F5 D4 00 00 00 00 00 00 14 CE        [sk`???????????]

Dec  4 10:36:36.626: RADIUS:  Vendor, Cisco       [26]  24  

Dec  4 10:36:36.626: RADIUS:   Cisco AVpair       [1]   18  "ssid=WiFi"

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  12 

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Enc-Policy [7]   6     [19]

Dec  4 10:36:36.622: RADIUS:  NAS-Port            [5]   6   272  IUS:   00 00 00 02                                        [????]

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  12  

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Enc-Type   [8]   6  

Dec  4 10:36:36.626: RADIUS:   00  00 00 02                                      [????]

Dec  4 10:3 6:36.626: RADIUS:  Vendor, Microsoft   [26]  58 

Dec  4 10:36:36.626: RADIUS:   MS-MPPE-Send-Key   [16]  52  *

Dec  4 10:36:36.626: RADIUS:  Vendor, Microsoft   [26]  58 

Dec  4 10:36:36.626 : RADIUS:   MS-MPPE-Recv-Key   [17]  52  *

Dec  4 10:36:36.626: RADIUS:  Message-Authenticato[80]  18                

Dec  4 10:36:36.622: RADIUS:  NAS-Port-Id         [87]  5   "272"

Dec  4 10:36:36.622: RADIUS:  State               [24]  25 

Dec  4 10:36:36.622: RADIUS:   27 DE 05 59 00 00 01 37 00 01 C0 A8 C8 11 00 00  ['??Y???7????????]

Dec  4 10:36:36.622: RADIUS:   00 03 46 F9 CE CE 00                             [??F????]

Dec  4 10:36:36.622: RADIUS:  NAS-IP-Address      [4]   6   192.168.200

Dec  4 10:36:36.626: RAD

Dec  4 10:36:36.626: RADIUS:   D7 3E 50 6E C2 6C 46 ED 16 2E 15 50 94 6F F0 B9  [?>Pn?lF??.?P?o??]

Dec  4 10:36:36.626: RADIUS(0000001A): Received from id 1645/125

Dec  4 10:36:36.626: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Received server response: PASS

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Found AAA_AT_MS_MPPE_SEND_KEY in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: AAA_AT_MS_MPPE_SEND_KEY session key length 32

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: Found AAA_AT_MS_MPPE_RECV_KEY in server response

Dec  4 10:36:36.626: dot11_auth_dot1x_parse_aaa_resp: AAA_AT_MS_MPPE_RECV_KEY session key length 32

Dec  4 10:36:36.626: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_PASS) for 0024.2ba1.02b2

Dec  4 10:36:36.626: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0024.2ba1.02b2

Dec  4 10:36:36.626: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 120 seconds

Dec  4 10:36:36.626: %DOT11-6-ASSOC: Interface Dot11Radio1, Station hostname-M 0024.2ba1.02b2 Associated KEY_MGMT[NONE]

again:

Dec  4 10:36:41.626: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Dec  4 10:36:41.626: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0024.2ba1.02b2
Dec  4 10:36:41.626: dot11_auth_dot1x_send_id_req_to_client: Client 0024.2ba1.02b2 timer started for 120 seconds

....

My problem is after that line, "%DOT11-6-ASSOC" , start everthing again and dont stop.

I still have my address ip ok, I ping with no time out.

I have setup PEAP-MSCHAPv2 autentication.

what are missing to my setup ?

thanks

RP

Everyone's tags (2)
1 REPLY
New Member

Re: debug radius authentication

OK FOLKS,

change this line , simple...

dot1x timeout reauth-period server

thanks

RP

5421
Views
0
Helpful
1
Replies