Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

1240AG Access Point Received Crypto-Binding TLV is invalid

I need help in trying to figuring why I can't get 1240G authentication to work with windows 2008 NPS Radius. It's working with Windows 2000 AIS. Below is error I've got with windows 2008:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

Security ID: edited

Account Name: edited

Account Domain: edited

Fully Qualified Account Name: edited

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: 0017.0fd8.8b40

Calling Station Identifier: 001e.4c13.d804

NAS:

NAS IPv4 Address: 10.0.10.47

NAS IPv6 Address: -

NAS Identifier: swap1

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 356

RADIUS Client:

Client Friendly Name: swap1

Client IP Address: 10.0.10.47

Authentication Details:

Proxy Policy Name: Use Windows authentication for all users

Network Policy Name: Production Wireless Users

Authentication Provider: Windows

Authentication Server: x.x.com

Authentication Type: PEAP

EAP Type: -

Account Session Identifier: -

Reason Code: 301

Reason: Received Crypto-Binding TLV is invalid.

1 REPLY
Silver

Re: 1240AG Access Point Received Crypto-Binding TLV is invalid

Make sure that The Crypto-Binding TLV is valid only if the following checks pass:

The Crypto-Binding TLV version is supported

The Compound MAC verifies correctly

The received version in the Crypto-Binding TLV matches the version

802
Views
0
Helpful
1
Replies