cancelar
Mostrar resultados para 
Pesquisar em vez de 
Queria dizer: 
Comunicados
Bem-vindo à Comunidade de Suporte da Cisco, gostaríamos de ter seus comentários.

Autonomous AP with EAP and Windows IAS server

Hello,

I'm trying to configure an autonomous AP with EAP authentication. The AP is a 1600 with software Version 15.2(2)JB2 and

the RADIUS server is a Windows 2003 server with IAS.

When the client tries to authenticate, I get the following error on the AP:

*Mar  1 22:14:22.116: RADIUS/ENCODE(0000039D):Orig. component type = DOT11

*Mar  1 22:14:22.116: RADIUS:  AAA Unsupported Attr: ssid              [347] 9

*Mar  1 22:14:22.116: RADIUS:   49 4E 54 45 52 4E 41           [ INTERNA]

*Mar  1 22:14:22.116: RADIUS: AAA Unsupported Attr: service-type      [345] 4   2

*Mar  1 22:14:22.116: RADIUS: AAA Unsupported Attr: interface         [222] 3

*Mar  1 22:14:22.116: RADIUS:   35                 [ 5]

*Mar  1 22:14:22.116: RADIUS(0000039D): Config NAS IP: 172.27.1.164

*Mar  1 22:14:22.116: RADIUS(0000039D): Config NAS IPv6:

*Mar  1 22:14:22.116: RADIUS/ENCODE(0000039D): acct_session_id: 914

*Mar  1 22:14:22.116: RADIUS(0000039D): Config NAS IP: 172.27.1.164

*Mar  1 22:14:22.116: RADIUS(0000039D): sending

*Mar  1 22:14:22.116: RADIUS(0000039D): Send Access-Request to 172.18.10.45:1812 id 1645/205, len 162

*Mar  1 22:14:22.116: RADIUS:  authenticator 82 C8 75 DD 4E 40 BC 77 - FC 00 D6 7A 8E 06 E4 D3

*Mar  1 22:14:22.116: RADIUS:  User-Name           [1]   16  "PSA\xxxxx"

*Mar  1 22:14:22.116: RADIUS:  Framed-MTU          [12]  6   1400

*Mar  1 22:14:22.116: RADIUS:  Called-Station-Id   [30]  29  "18-9C-5D-4B-9E-A0:INTERNAL3"

*Mar  1 22:14:22.116: RADIUS:  Calling-Station-Id  [31]  19  "24-77-03-CB-44-68"

*Mar  1 22:14:22.116: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  1 22:14:22.116: RADIUS:  Message-Authenticato[80]  18

*Mar  1 22:14:22.116: RADIUS:   8C 96 DD 7D FB 48 32 70 B4 93 63 AA 3A 11 17 30           [ }H2pc:0]

*Mar  1 22:14:22.116: RADIUS:  EAP-Message         [79]  21

*Mar  1 22:14:22.116: RADIUS:   02 02 00 13 01 41 50 53 41 5C 76 63 61 73 74 61 6E 6F 6C    [ PSA\xxxxx]

*Mar  1 22:14:22.116: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]

*Mar  1 22:14:22.116: RADIUS:  NAS-Port            [5]   6   562

*Mar  1 22:14:22.116: RADIUS:  NAS-Port-Id         [87]  5   "562"

*Mar  1 22:14:22.116: RADIUS:  NAS-IP-Address      [4]   6   172.27.1.164

*Mar  1 22:14:22.116: RADIUS:  Nas-Identifier      [32]  4   "ap"

*Mar  1 22:14:22.116: RADIUS(0000039D): Sending a IPv4 Radius Packet

*Mar  1 22:14:22.116: RADIUS(0000039D): Started 5 sec timeout

*Mar  1 22:14:22.160: RADIUS: Received from id 1645/205 172.18.10.45:1812, Access-Reject, len 20

*Mar  1 22:14:22.160: RADIUS:  authenticator 95 93 03 F6 3A 84 92 16 - 41 F0 25 BB B4 7B F9 C0

*Mar  1 22:14:22.160: RADIUS(0000039D): Received from id 1645/205

This is the event generated in the IAS:

Event Type:          Warning

Event Source:          IAS

Event Category:          None

Event ID:          2

Date:                    1/31/2014

Time:                    10:40:37 AM

User:                    N/A

Computer:          XXXWIFI001

Description:

User PSA\xxxxxxxx was denied access.

Fully-Qualified-User-Name = <undetermined>

NAS-IP-Address = 172.27.1.164

NAS-Identifier = ap

Called-Station-Identifier = 18-9C-5D-4D-9E-70:INTERNAL3

Calling-Station-Identifier = 24-77-03-CB-44-68

Client-Friendly-Name = ap

Client-IP-Address = 172.27.1.164

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 508

Proxy-Policy-Name = <none>

Authentication-Provider = <undetermined>

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = <undetermined>

EAP-Type = <undetermined>

Reason-Code = 49

Reason = The connection attempt did not match any connection request policy.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 00 00 00 00  

Any clue?

Thanks

Attached is the AP's configuration.

Marcas (5)
1 RESPOSTA

Autonomous AP with EAP and Windows IAS server

Olá Fernando, você deve configurar uma politica no IAS permitindo que este usuário tenha acesso a rede.

Observe o log "User PSA\xxxxxxxx was denied access" e "Reason = The connection attempt did not match any connection request policy."

Crie uma politica no IAS permitindo este usuário acessar a rede.

116
Apresentações
0
Útil
1
Respostas
CriarFaça o para criar o conteúdo