Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC 4400 and Funk Odyssey RADIUS

Hi

Had big problem today trying to get EAP-TTLS Intermec clients using Cisco 1242 LWAPP AP's on a WLC 4400,

The Funk Odyssey Server was reporting that the WLC was providing an unknown Vendor id. And was rejecting the requests to authenticate.

I'm at home now so haven't got the exact message.

EAP-PEAP devices were OK.

Can anyone point me in the right direction please ? I looked at the Odyssey Radius dictionary file but i'm not exerienced enough with RADIUS attributes to undestand what changes i need t make.

Thankyou

Anthony

Message was edited by: Anthony Milner Example from debugging on WLC: ending EAP-Request/Identity to mobile 00:02:2d:b4:6a:a8 (EAP Id 3) *Feb 09 09:46:00.044: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.044: 00:02:2d:b4:6a:a8 Received EAP Response packet with mismatching id (currentid=3, eapid=1) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.052: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.052: 00:02:2d:b4:6a:a8 Received EAP Response packet with mismatching id (currentid=3, eapid=2) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.055: 00:02:2d:b4:6a:a8 Received EAPOL EAPPKT from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.055: 00:02:2d:b4:6a:a8 Received Identity Response (count=3) from mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 EAP State update from Connecting to Authenticating for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 dot1x - moving mobile 00:02:2d:b4:6a:a8 into Authenticating state *Feb 09 09:46:00.056: 00:02:2d:b4:6a:a8 Entering Backend Auth Response state for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Processing Access-Challenge for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Entering Backend Auth Req state (id=4) for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:00.058: 00:02:2d:b4:6a:a8 Sending EAP Request from AAA to mobile 00:02:2d:b4:6a:a8 (EAP Id 4) *Feb 09 09:46:00.485: 00:02:2d:b4:6a:a8 Copy AP LOCP - mode:0 slotId:0, apMac 0x0:23:34:3f:fa:b0 *Feb 09 09:46:00.485: 00:02:2d:b4:6a:a8 Copy WLAN LOCP EssIndex:4 aid:1 ssid:    test *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy Security LOCP ecypher:0x3 ptype:0x0, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x2 statuscode 0, reasoncode 99, status 3 *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy Username LOCP : anonymous@antares *Feb 09 09:46:00.486: 00:02:2d:b4:6a:a8 Copy MobilityData LOCP status:0, anchorip:0x0 *Feb 09 09:46:01.001: 00:02:2d:b4:6a:a8 802.1x 'timeoutEvt' Timer expired for station 00:02:2d:b4:6a:a8 *Feb 09 09:46:01.001: 00:02:2d:b4:6a:a8 Retransmit 1 of EAP-Request (length 10) for mobile 00:02:2d:b4:6a:a8 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 Association received from mobile on AP 00:23:34:3f:fa:b0 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 STA - rates (4): 2 4 11 22 0 0 0 0 0 0 0 0 0 0 0 0 *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Initializing policy *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3) *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3) *Feb 09 09:46:01.730: 00:02:2d:b4:6a:a8 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:23:34:3f:fa:b0

Message was edited by: Anthony Milner And a line from the Odyssey RADIUS log: Feb 10 13:48:14 2010: RadRadiusTracer: unable to find RadDictionaryVendor object for vendor id Feb 10 13:48:14 2010: Radius Packet Trace:

739
Views
0
Helpful
0
Replies