Cisco Support Community

Wireless EAP getting auth OK but not auth'ing

Hi Everyone,

Hoping someone can point me in the right direction here. I have a user on my wireless LAN which is 802.1x EAP authenticated via my domain controller (Fruityloops / 192.168.0.4) and my AP is 192.168.0.2 and for the record <<001c.bfa9.f53e>> is the MAC of the end user (STN).

From reading snippet 1, it gets "Received from 192.168.0.4 Access-Accept" but it never lets the user authenticate.

Could someone tell me what I'm doing wrong? I want this one single MAC on full bypass authentication, which is why it has a proxy-policy-name with that MAC as the client calling-station-identifier, so it doesn't try to auth, as it's my dad's work laptop and his work uses another domain name, which causes clashes.

Thanks.

<<< Snippet from AP's terminal monitor >>>
*Apr  3 13:18:00.841: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 0013.e8b3.5361 Associated KEY_MGMT[NONE]
*Apr  3 13:18:00.844: RADIUS/ENCODE(0000000A):Orig. component type = DOT11
*Apr  3 13:18:00.844: RADIUS(0000000A): Using existing nas_port 263
*Apr  3 13:18:00.844: RADIUS(0000000A): Config NAS IP: 192.168.0.2
*Apr  3 13:18:00.844: RADIUS(0000000A): Send Accounting-Request to 192.168.0.4:1813 id 1646/1, len 259
*Apr  3 13:18:00.850: RADIUS: Received from id 1646/1 192.168.0.4:1813, Accounting-response, len 20
*Apr  3 13:21:49.614: RADIUS/ENCODE(0000000B):Orig. component type = DOT11
*Apr  3 13:21:49.614: RADIUS(0000000B): Storing nasport 264 in rad_db
*Apr  3 13:21:49.614: RADIUS(0000000B): Config NAS IP: 192.168.0.2
*Apr  3 13:21:49.614: RADIUS(0000000B): Config NAS IP: 192.168.0.2
*Apr  3 13:21:49.614: RADIUS(0000000B): Send Access-Request to 192.168.0.4:1812 id 1645/16, len 113
*Apr  3 13:21:49.629: RADIUS: Received from id 1645/16 192.168.0.4:1812, Access-Accept, len 52
*Apr  3 13:21:49.630: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 001c.bfa9.f53e Associated KEY_MGMT[NONE]
*Apr  3 13:24:45.851: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed
*Apr  3 13:25:29.026: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed


<<Snippet from IAS System Log>>
Type: Info
ID: 1

User  was granted access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 192.168.0.2
NAS-Identifier = ap
Client-Friendly-Name = CiscoAP1
Client-IP-Address = 192.168.0.2
Calling-Station-Identifier = 001c.bfa9.f53e
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 264
Proxy-Policy-Name = PaulWifi
Authentication-Provider = <none>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
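
Added example (not part of the original post): Python that correlates the AP debug lines quoted above per station, reporting the key-management mode logged at association, whether a RADIUS Access-Accept arrived just before it, and how many AUTH_FAILED events followed. The function names and the 1-second correlation window are assumptions; the RADIUS debug lines carry no station MAC, so the pairing is by time proximity only.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the AP terminal-monitor snippet in the post above.
AP_LOG = """\
*Apr  3 13:18:00.841: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 0013.e8b3.5361 Associated KEY_MGMT[NONE]
*Apr  3 13:18:00.850: RADIUS: Received from id 1646/1 192.168.0.4:1813, Accounting-response, len 20
*Apr  3 13:21:49.614: RADIUS(0000000B): Send Access-Request to 192.168.0.4:1812 id 1645/16, len 113
*Apr  3 13:21:49.629: RADIUS: Received from id 1645/16 192.168.0.4:1812, Access-Accept, len 52
*Apr  3 13:21:49.630: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 001c.bfa9.f53e Associated KEY_MGMT[NONE]
*Apr  3 13:24:45.851: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed
*Apr  3 13:25:29.026: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed
"""

LINE = re.compile(r"^\*(\w{3}\s+\d+ [\d:.]+): (.*)$")
REPLY = re.compile(r"RADIUS: Received from id \S+ \S+, ([\w-]+),")
ASSOC = re.compile(r"%DOT11-6-ASSOC: .*Station \S+ ([0-9a-f.]{14}) Associated KEY_MGMT\[(\w+)\]")
FAIL = re.compile(r"%DOT11-7-AUTH_FAILED: Station ([0-9a-f.]{14}) ")
WINDOW = timedelta(seconds=1)  # assumption: a reply this close to an ASSOC belongs to it


def station_summary(log):
    """Per-station view: key management, nearby Access-Accept, failure count."""
    stations, last_accept = {}, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # The log has no year; 2000 is a placeholder so strptime is unambiguous.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        body = m.group(2)
        if (r := REPLY.search(body)) and r.group(1) == "Access-Accept":
            last_accept = ts
        elif a := ASSOC.search(body):
            near = last_accept is not None and ts - last_accept <= WINDOW
            stations[a.group(1)] = {"key_mgmt": a.group(2), "radius_accept": near, "auth_failed": 0}
        elif f := FAIL.search(body):
            stations.setdefault(f.group(1), {"key_mgmt": None, "radius_accept": False, "auth_failed": 0})
            stations[f.group(1)]["auth_failed"] += 1
    return stations


def accepted_then_failed(log):
    """Stations the RADIUS server accepted but the AP later logged AUTH_FAILED for."""
    return [mac for mac, s in station_summary(log).items()
            if s["radius_accept"] and s["auth_failed"]]
```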
