https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567190#M311436 <P>Hi,</P><P></P><P>I'm trying to access my network through 802.1X Radius authentication. My PC is connected to a 2950 switch with following configuration:</P><P></P><P>aaa new-model</P><P>aaa authentication dot1x default group radius</P><P>dot1x system-auth-control</P><P>radius-server host 11.0.0.2 key Ralf</P><P></P><P>on interface level(connection to PC):</P><P>switchport mode access</P><P>switchport access vlan 8</P><P>dot1x port-control auto</P><P></P><P>on interface level(connection to Radius server):</P><P>switchport mode access</P><P>switchport access vlan 8</P><P></P><P>I enabled 802.1X authentication on my PC via the service 'Wired Autoconfig' and in the tab authentication (one of the tabs of the interface configuration)</P><P>I choose PEAP.</P><P></P><P>Result:</P><P>When I trace my PC-interface with Wireshark, I see an EAPOL- EAP-Request and a EAP-Response message. The next message in the flow should be a Radius-Accept-request message but it seems that this message is never sent. Although, when i open a 'debug radius' session on the switch, the logs are indicating that the accept-request message is sent. Strange because I see no message coming in on the Radius-server interface.</P><P></P><P>The Radius-server has IP-address 11.0.0.2 and my PC 11.0.0.3.</P><P></P><P>Does anybody see a reason why the Radius-Accept-Request message is not received on my Radius-server interface?</P><P></P><P>Kind regards,Ralf. </P> Mon, 11 Mar 2019 00:33:56 GMT MeirsmanRalf 2019-03-11T00:33:56Z https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567190#M311436 <P>Hi,</P><P></P><P>I'm trying to access my network through 802.1X Radius authentication. My PC is connected to a 2950 switch with following configuration:</P><P></P><P>aaa new-model</P><P>aaa authentication dot1x default group radius</P><P>dot1x system-auth-control</P><P>radius-server host 11.0.0.2 key Ralf</P><P></P><P>on interface level(connection to PC):</P><P>switchport mode access</P><P>switchport access vlan 8</P><P>dot1x port-control auto</P><P></P><P>on interface level(connection to Radius server):</P><P>switchport mode access</P><P>switchport access vlan 8</P><P></P><P>I enabled 802.1X authentication on my PC via the service 'Wired Autoconfig' and in the tab authentication (one of the tabs of the interface configuration)</P><P>I choose PEAP.</P><P></P><P>Result:</P><P>When I trace my PC-interface with Wireshark, I see an EAPOL- EAP-Request and a EAP-Response message. The next message in the flow should be a Radius-Accept-request message but it seems that this message is never sent. Although, when i open a 'debug radius' session on the switch, the logs are indicating that the accept-request message is sent. Strange because I see no message coming in on the Radius-server interface.</P><P></P><P>The Radius-server has IP-address 11.0.0.2 and my PC 11.0.0.3.</P><P></P><P>Does anybody see a reason why the Radius-Accept-Request message is not received on my Radius-server interface?</P><P></P><P>Kind regards,Ralf. </P> Mon, 11 Mar 2019 00:33:56 GMT https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567190#M311436 MeirsmanRalf 2019-03-11T00:33:56Z https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567191#M311445 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>When using PEAP, the authnetication is not as simple as that.</P><P></P><P>This is the PEAP authentication process:</P><P><IMG src="https://community.cisco.com/" /><IMG alt="http://layer3.files.wordpress.com/2009/08/wireless-security-peap.jpg" class="jive-image" height="464" src="http://layer3.files.wordpress.com/2009/08/wireless-security-peap.jpg" width="602" /></P><P></P><P></P><P>Here you can see the switch as the AP.</P><P>So, after the first&nbsp; EAP-Response message, the ACS must reply with an Access-Challenge containing the EAP-TLS start, so the encryption tunnel can be started.</P><P></P><P>One possible reason for this not to happen is simply because the ACS does not support PEAP and/or does not conatin the server certificate needed to build the TLS tunnel.</P><P></P><P></P><P>HTH,</P><P>Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Thu, 11 Nov 2010 12:13:55 GMT https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567191#M311445 Tiago Antunes 2010-11-11T12:13:55Z https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567192#M311480 <HTML><HEAD></HEAD><BODY><P>I found a solution to my problem. I administered an IP-adress for the VLAN-interface on the switch:</P><P></P><P>int vlan 8</P><P>ip address 11.0.0.4 255.255.255.0</P><P></P><P>Apparentlt the switch needs an IP-address to send the Radius-accept-request from.</P><P></P><P>Next step is to get a Radius-server running and get the PC authenticated.</P></BODY></HTML> Thu, 11 Nov 2010 20:28:44 GMT https://community.cisco.com/t5/network-access-control/no-radius-accept-request-received-on-radius-server/m-p/1567192#M311480 MeirsmanRalf 2010-11-11T20:28:44Z