Can't configure 802.1X AAA JUST on this model.
There no problems with 5300, 2600 series, but can bot configure 2524

Some DUMPs:
rad_recv: Access-Request packet from host 10.108.3.13:1026, id=41, length=207
Waking up in 5 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
Framed-MTU = 1480
NAS-IP-Address = 10.108.3.13
NAS-Identifier = "2524"
User-Name = "rab"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15
NAS-Port-Type = Ethernet
NAS-Port-Id = "15"
Called-Station-Id = "00-11-0a-05-fc-ef"
Calling-Station-Id = "00-00-21-f0-6b-9b"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "13"
State = 0x09b0d678085b0012575040481beae6c7
EAP-Message = 0x020500061900
Message-Authenticator = 0xe39bf41a414d7be8de952780a08b7948
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "rab", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched rab at 91
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 41 to 10.108.3.13:1026
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "0"
Tunnel-Type:0 = VLAN
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x342fc911b358c7a06c75d060fbc777c0
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request


on switch:

2524(config)# show radius host 10.108.3.120

Status and Counters - RADIUS Server Information


Server IP Addr : 10.108.3.120

Authentication UDP Port : 1812         Accounting UDP Port  : 1813
Round Trip Time         : 1            Round Trip Time      : 0
Pending Requests        : 0            Pending Requests     : 0
Retransmissions         : 10           Retransmissions      : 0
Timeouts                : 10           Timeouts             : 0
Malformed Responses     : 0            Malformed Responses  : 0
Bad Authenticators      : 0            Bad Authenticators   : 0
Unknown Types           : 0            Unknown Types        : 0
Packets Dropped         : 1            Packets Dropped      : 0
Access Requests         : 41           Accounting Requests  : 0
Access Challenges       : 30           Accounting Responses : 0
Access Accepts          : 0
Access Rejects          : 10

in users.conf:

---
rab     Auth-Type := EAP, User-Password == "123"
      Tunnel-Medium-Type = IEEE-802,
      Tunnel-Private-Group-Id = 0,
      Tunnel-Type = VLAN
---

in eap.conf:
---
      eap {
              default_eap_type = md5
              timer_expire     = 60
              ignore_unknown_eap_types = no
              cisco_accounting_username_bug = no
              md5 {
              }
              leap {
              }
              gtc {
                      auth_type = PAP
              }
              tls {
                      private_key_password = whatever
                      private_key_file = ${raddbdir}/certs/cert-srv.pem
                      certificate_file = ${raddbdir}/certs/cert-srv.pem
                      CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                      dh_file = ${raddbdir}/certs/dh
                      random_file = ${raddbdir}/certs/random
                    check_cert_cn = %{User-Name}
              }
               peap {
                      default_eap_type = mschapv2
              }

              mschapv2 {
              }
      }
---


Another session:
---
rad_recv: Access-Request packet from host 10.108.3.13:1026, id=51, length=207
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 4, (1 handled so far)
Framed-MTU = 1480
NAS-IP-Address = 10.108.3.13
NAS-Identifier = "2524"
User-Name = "rab"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15
NAS-Port-Type = Ethernet
NAS-Port-Id = "15"
Called-Station-Id = "00-11-0a-05-fc-ef"
Calling-Station-Id = "00-00-21-f0-6b-9b"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "13"
State = 0x6dbaa9f76144d783d075d00d6dcebd02
EAP-Message = 0x020600061900
Message-Authenticator = 0x2740f904a30a06cd07245331f51f1501
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "rab", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched rab at 91
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 51 to 10.108.3.13:1026
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "13"
Tunnel-Type:0 = VLAN
EAP-Message = 0x010700061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03ba567c36ffad5d0213388b4a507b20
Finished request 4


---

What another configs i must recheck? Who did this with PC 2524 ?

--
=============================
    Andrew Bogorodsky
=============================



--
=================================
       Andrew Bogorodsky
phone:  (095) 737-37-57 ext. 4441
Vimcom Optic TS, Moscow city, RUS
http://www.vimcom.ru/undes/si.htm
=================================


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to