Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
10
Helpful
2
Replies

Using Peap w/ IAS

George.burtz
Level 1
Level 1

‎07-18-2003 09:54 AM - edited ‎07-04-2021 08:52 AM

I have a 1200 AP w/ latest IOS trying to do PEAP for wireless clients. When pointing the 1200 to a Funk or ACS radius server it works great. When I point to an IAS server runnng on W2K SP3, I get an IAS error in the event viewer saying "The specified authentication type is not supported on this system"

When I use a Symbol AP with the same IAS server, it works fine.

I have sniffer traces comparing the 2 scenarios and the only difference I can see is the attributes for

NAS Port and NAS port type.

Bad auth (Cisco AP)

NAS Port Type - virtual

NAS Port - 414

Good auth (Symbol AP)

NAS Port Type - 0x00000013

NAS Port - 29

Anyone know what is going on here?

Labels:
0 Helpful
2 Replies 2

dhickey
Level 1
Level 1

‎07-18-2003 12:06 PM

This is a reply I received from Cisco when I asked this question..

This is actually a software bug CSCeb36095

Here is the release note from the bug

IOS based APs will pass Radius attribute 61 (NAS-Port-Type) with value 5 (virtual), while VxWorks based APs use value 19 (Wireless IEEE802.11)

Users may need to re-configure Radius server setting if this attribute is used to grant access to the user, when migrating AP from VxWorks to IOS.

No ETA on when this should be fixed yet but if the work around doesnt work then please contact the TAC and open a case have you case linked to the bug then you can be kept updated of when the fix will be released

What I had to do was change IAS from 802.11 in the policy to virtual. The user then authenticated...

However, I was also using per user VLANS and the VLAN assignment was not working and they opened another bug on it. This was with a VXworks AP that had been "upgraded" to the IOS version....Needless to say it is sitting on the shelf waiting for the next release of IOS for the 1220's.

Hope that helps some...

don

George.burtz
Level 1
Level 1
In response to dhickey

‎07-23-2003 08:57 AM

That did it. Thanks for the info. Added a new RAS policy and it worked fine.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card