Has anyone here had any experience with the Aironet 1200 / TLS-PEAP / FreeRADIUS combination of hardware/software? For some reason, the Aironet is not trying to communicate with FreeRADIUS (radiusd -XX shows no communication attempts). I know this is leaning more towards a Cisco problem, but I’ve tried posting to several lists and no one seems to know (or cares to respond). If anyone could help me out it would be greatly appreciated. Below is the debug output from the Cisco AP, and below that is the AP configuration. I would post the FreeRADIUS debug stuff, but there is none (no communication attempts).

Thanks Again,
Ladd

Jun 3 21:41:18.200: dot11_auth_add_client_entry: Create new client 000c.4138.ccd9
Jun 3 21:41:18.201: dot11_auth_initialize_client: 000c.4138.ccd9 is added to the client list
Jun 3 21:41:18.201: dot11_auth_add_client_entry: req->auth_type 0
Jun 3 21:41:18.201: dot11_auth_add_client_entry: auth_methods_inprocess: 2
Jun 3 21:41:18.202: dot11_auth_add_client_entry: eap list name: eap_methods
Jun 3 21:41:18.202: dot11_run_auth_methods: Start auth method EAP or LEAP
Jun 3 21:41:18.202: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 3 21:41:18.202: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 000c.4138.ccd9
Jun 3 21:41:18.202: EAPOL pak dump tx
Jun 3 21:41:18.202: EAPOL Version: 0x1 type: 0x0 length: 0x0005
Jun 3 21:41:18.202: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
00E00680: 01000005 01010005 01 .........
Jun 3 21:41:18.202: dot11_auth_send_msg: sending data to requestor status 1
Jun 3 21:41:18.202: dot11_auth_send_msg: Sending EAPOL to requestor
Jun 3 21:41:18.203: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds
Jun 3 21:41:18.208: dot11_auth_parse_client_pak: Received EAPOL packet from 000c.4138.ccd9
Jun 3 21:41:18.208: EAPOL pak dump rx
Jun 3 21:41:18.208: EAPOL Version: 0x1 type: 0x1 length: 0x0000
00E12800: 01010000 ....
Jun 3 21:41:18.208: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 000c.4138.ccd9
Jun 3 21:41:18.208: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 000c.4138.ccd9
Jun 3 21:41:18.208: EAPOL pak dump tx
Jun 3 21:41:18.208: EAPOL Version: 0x1 type: 0x0 length: 0x0005
Jun 3 21:41:18.208: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
00E002E0: 01000005 01020005 ........
00E002F0: 01 .
Jun 3 21:41:18.209: dot11_auth_send_msg: sending data to requestor status 1
Jun 3 21:41:18.209: dot11_auth_send_msg: Sending EAPOL to requestor
Jun 3 21:41:18.209: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ap
!
logging queue-limit 100
enable secret 5 xxx
!
username Cisco password 7 xxx
clock timezone S -6
clock summer-time S recurring
ip subnet-zero
!
aaa new-model
!
!
aaa group server radius rad_eap
server xxx.xxx.17.103 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 xxx transmit-key
encryption mode ciphers tkip wep128
!
ssid tsunami
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
speed auto
full-duplex
ntp broadcast client
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
ip radius source-interface BVI1
radius-server local
!
radius-server attribute 32 include-in-access-req format %h
radius-server host xxx.xxx.17.103 auth-port 1812 acct-port 1813 key 7 xxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 5 15
!
ntp clock-period 2860630
ntp server xxx.xxx.32.1
end
Ladd J. Epp
Information Specialist
The University of Kansas
785-864-0460
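
Added example (not part of the original post, and not Cisco or FreeRADIUS code): a decoder for the EAPOL hex dumps in the debug output above. It shows that the excerpt holds two Identity Requests and one EAPOL-Start but no EAP-Response/Identity from the client, which is the frame an 802.1X authenticator wraps in its first RADIUS Access-Request. The `FRAMES` list, the function names and the lookup tables are this example's own.

```python
import struct

# Hex words copied from the "EAPOL pak dump" tx/rx lines of the debug output above.
FRAMES = [
    ("tx", "01000005 01010005 01"),
    ("rx", "01010000"),
    ("tx", "01000005 01020005 01"),
]

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP"}


def decode_eapol(hex_words):
    """Decode one EAPOL frame (802.1X header plus optional EAP packet) from dump hex."""
    raw = bytes.fromhex("".join(hex_words.split()))
    if len(raw) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", raw[:4])
    body = raw[4:]
    if len(body) < length:
        raise ValueError("EAPOL body shorter than its length field")
    frame = {"version": version, "eapol_type": EAPOL_TYPES.get(ptype, ptype), "length": length}
    if ptype == 0 and length >= 4:  # EAP-Packet: code, id, length, then type for Request/Response
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        frame.update(eap_code=EAP_CODES.get(code, code), eap_id=ident, eap_length=eap_len)
        if code in (1, 2) and eap_len >= 5:
            frame["eap_type"] = EAP_TYPES.get(body[4], body[4])
    return frame


def identity_response_seen(frames):
    """True if a received frame is an EAP-Response/Identity, the frame relayed to RADIUS."""
    for direction, hex_words in frames:
        f = decode_eapol(hex_words)
        if direction == "rx" and f.get("eap_code") == "Response" and f.get("eap_type") == "Identity":
            return True
    return False


if __name__ == "__main__":
    for direction, hex_words in FRAMES:
        print(direction, decode_eapol(hex_words))
    print("identity response seen:", identity_response_seen(FRAMES))
```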