11-16-2012 01:01 PM - edited 03-10-2019 07:47 PM
Hello all. I have windows 7 clients (supplicants), D-link access point (authenticator), Cisco acs 5.2 virtual appliance with evalution license (acts as authentication server - Radius server). I want to setup EAP authentication (PEAP) that users will be able connect to Wireless LAN with login-password. I've done some configurations, but I did not get any result. in ACS 5.2 I get this error message:
11014 RADIUS packet contains invalid attribute(s): RADIUS Request dropped
One of the attributes in the RADIUS packet did not parse correctly
Please, help me for solving this problem.
11-17-2012 08:53 PM
Hi.
I have the same problem with ACS 4.2 and TP-link AP, i try to use it without certificate authority, I only need login with user and password.
11-17-2012 10:01 PM
I just resolve my problem.
in
Interface Configuration > Radius (Microsoft)
enable all checks. Then in Group Setup.
In the group where my user is asign enable all checks in Section
Microsoft RADIUS Attributes
The authentication whitout certificate and TP-link was sucessfull in Iphone, Mac OS, android phone and windows.
This whit ACS 4.2.
The Device in Network Configuration use Radius (IETF).
My next test is use this configuration but with Catalyst and IBSN.
12-02-2012 10:59 AM
I changed Authorization Profile to default 'Permit Access' in Access Policies -> Authorization -> Rule.
And solved.
But you need eap certificate for peap-mschapv2 authentification.
The problem is: If Client (supplicant) does not validate a Radius server certificate for creating eap tunnel, it does not connect.
What i did?
In windows xp and windows 7 clients I unchecked 'Validate certificate' option and get successfull connection.
But in Iphone, android phones, tablets etc. I don't know what to do.
I think that it is not true solution.
May be I should by a certificate (for example, from VeriSign) that validates all systems?
12-02-2012 03:45 PM
In Android Iphone and MAC OS, in my situation the devices negotiate automatic without certificate, do you enable in
Allow "EAP-MSCHAPv2" and "Allow EAP-GTC" in System configuration > Global Authentication Setup?
12-23-2012 05:51 AM
You are right. No need certificate in android. Its connected
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide