Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MAC Filterin, WLC and Freeradius

Hi guys: Im having some problems trying to setup a WLC filtering users by MAC Address using a Free Radius servers.

Currently i'm using autonomous APs and its working just fine, the configuration for this is:

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.63.4 auth-port 1812 acct-port 1812 key 7 ************

radius-server vsa send accounting

Now, using LWAPP, I have configured the WLAN for None Security in layer 2 and 3, and checked the Mac Filtering box. Also, I added the Radius server under the security tab, added "free radius" compatibility and the same shared secret used with the autonomous APs.

The radius server is expecting the user/password to be mac_address/mac_address. But it looks like the controller its sending "mac_address/shared_secret". In the controller i get the following messages (they are from different debugs and logs):

7 [ERROR] radius_db.c 1073: 8th AVP is corrupted. Radius msgtype=0. Prev AVP=1 len=4 offset=120 numAVPs=14.

Wed Mar 21 12:06:07 2007 [ERROR] radius_db.c 804: BAD aaa AVP with NULL value pointer.(code=2, valueLen=0, vendorId=0,buf=0x11cce05c, bufSize=3976)

Wed Mar 21 12:05:55 2007 [ERROR] radius_db.c 1073: 8th AVP is corrupted. Radius msgtype=0. Prev AVP=1 len=4 offset=120 numAVPs=14.

Wed Mar 21 12:05:55 2007 [ERROR] radius_db.c 804: BAD aaa AVP with NULL value pointer.(code=2, valueLen=0, vendorId=0,buf=0x11cce05c, bufSize=3976)

(Cisco Controller) >Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d Successful transmission of Authentication Packet (id 129) to 192.168.63.4:1812, proxy state 00:14:a5:b8:a3:0d-a5:b8

Wed Mar 21 11:28:50 2007: ****Enter processIncomingMessages: response code=3

Wed Mar 21 11:28:50 2007: ****Enter processRadiusResponse: response code=3

Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d Access-Reject received from RADIUS server 192.168.63.4 for mobile 00:14:a5:b8:a3:0d receiveId = 0

Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d processing avps[0]: attribute 18

Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d Successful transmission of Authentication Packet (id 130) to 192.168.63.4:1812, proxy state 00:14:a5:b8:a3:0d-a5:b8

Wed Mar 21 11:28:50 2007: ****Enter processIncomingMessages: response code=3

Wed Mar 21 11:28:50 2007: ****Enter processRadiusResponse: response code=3

Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d Access-Reject received from RADIUS server 192.168.63.4 for mobile 00:14:a5:b8:a3:0d receiveId = 0

Wed Mar 21 11:28:50 2007: 00:14:a5:b8:a3:0d processing avps[0]: attribute 18

Wed Mar 21 11:28:51 2007: 00:90:96:cb:3a:e1 Successful transmission of Authentication Packet (id 131) to 192.168.63.4:1812, proxy state 00:90:96:cb:3a:e1-96:cb

Wed Mar 21 11:28:51 2007: ****Enter processIncomingMessages: response code=3

Wed Mar 21 11:28:51 2007: ****Enter processRadiusResponse: response code=3

Wed Mar 21 11:28:51 2007: 00:90:96:cb:3a:e1 Access-Reject received from RADIUS server 192.168.63.4 for mobile 00:90:96:cb:3a:e1 receiveId = 0

Wed Mar 21 11:28:51 2007: 00:90:96:cb:3a:e1 processing avps[0]: attribute 18

Any suggestions? Thanks in advance :)

3 REPLIES
Bronze

Re: MAC Filterin, WLC and Freeradius

Remove any incorrect proxy server configured. This might redirect the request to wrong AAA server.

New Member

Re: MAC Filterin, WLC and Freeradius

Problem was solved. What I changed was the format of the mac address, from this xxxxxxxx to xxxx-xxxx. Anyway the server was configured to accept both, but for some reason it didnt work using the first format.

New Member

MAC Filterin, WLC and Freeradius

Hi  omarmontes,

I'm trying to deploy the same configuration like you, I work with wlc 5508 and FreeRadius, could you tell me how you save MAC address on FreeRadius?

Thanks

1324
Views
0
Helpful
3
Replies
CreatePlease login to create content