- Cisco Community
- Technology and Support
- Security
- Network Access Control
- dot1x authorization failing
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
dot1x authorization failing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2013 04:18 AM - edited 03-10-2019 09:11 PM
Hi all,
I'm having an issue on my network where intermittently users are being denied access to the network because dot1x authorization is failing (at least that's what it looks like). I'm mainly seeing this on Windows wired clients, but I think that it is happening for all clients, however wireless and mac devices seem to just keep trying with the credentials until they are eventually allowed onto the network.
It started happening across the network simultaneously, so I don't think it is down to a config problem on the endpoint switches, and I'm failry sure that there was no config change on the core switch around the time that this started occuring.
I can see access-accept packets being sent from the radius server, and then received by the switch, but the device is still not allowed onto the network.
To rule it out I setup a new radius server, and mysql database backend, and I'm still seeing the problem, albeit not as often.
I have radius debug snippets from a (C2960-LANBASE-M), Version 12.2(35)SE5 switch below:
1w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
1w3d: RADIUS(00000078): Storing nasport 50002 in rad_db
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/227, len 152
1w3d: RADIUS: authenticator 6F 64 81 F2 E2 F1 9A 22 - A0 6E A5 6E 6B CC 69 E6
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 14
1w3d: RADIUS: 02 02 00 0C 01 73 6D 31 38 38 31 38 [?????testuser]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: C9 08 3B C0 5B 4F 16 9A F0 77 26 00 4A CA 4C B2 [??;?[O???w&?J?L?]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/227 10.1.3.7:1812, Access-Challenge, len 64
1w3d: RADIUS: authenticator F8 58 D9 B4 CE CB 56 4B - 83 1E A6 2A DD 78 9A FB
1w3d: RADIUS: EAP-Message [79] 8
1w3d: RADIUS: 01 03 00 06 19 20 [????? ]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 56 5C 9F F3 88 CC AF 69 B7 E4 86 08 EE E5 1A D0 [V\?????i????????]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 63 57 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fcW????@?????]
1w3d: RADIUS(00000078): Received from id 1645/227
1w3d: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/228, len 263
1w3d: RADIUS: authenticator DC A6 B7 91 BB 47 41 C5 - 13 2E 8C 9B 24 87 5E 43
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 107
1w3d: RADIUS: 02 03 00 69 19 80 00 00 00 5F 16 03 01 00 5A 01 [???i?????_????Z?]
1w3d: RADIUS: 00 00 56 03 01 52 A9 A8 AF 29 75 C0 12 2D 9C F3 [??V??R???)u??-??]
1w3d: RADIUS: EB E5 BC 0A 0D 73 E4 5D 50 A7 E1 E4 E0 04 18 AB [?????s?]P???????]
1w3d: RADIUS: F8 E6 63 D7 9A 00 00 18 00 2F 00 35 00 05 00 0A [??c??????/?5????]
1w3d: RADIUS: C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 [?????????2?8????]
1w3d: RADIUS: 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 [????????????????]
1w3d: RADIUS: 17 00 18 00 0B 00 02 01 00 [?????????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 0D BC 2B 98 5A 1F 43 CE E5 C1 07 97 69 83 E6 D7 [??+?Z?C?????i???]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 63 57 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fcW????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/228 10.1.3.7:1812, Access-Challenge, len 1090
1w3d: RADIUS: authenticator F6 24 FE 39 36 16 4E 19 - 3E C6 9D E3 C2 F0 89 BB
1w3d: RADIUS: EAP-Message [79] 255
1w3d: RADIUS: 01 04 04 00 19 C0 00 00 04 DF 16 03 01 00 31 02 [??????????????1?]
1w3d: RADIUS: 00 00 2D 03 01 52 A9 A8 9D FE 62 3A 30 5A 48 37 [??-??R????b:0ZH7]
1w3d: RADIUS: 21 EA 47 66 58 3B 82 43 3E BE 53 89 55 2D 22 A4 [!?GfX;?C>?S?U-"?]
1w3d: RADIUS: A9 32 C3 DD 1A 00 00 2F 00 00 05 FF 01 00 01 00 [?2?????/????????]
1w3d: RADIUS: 16 03 01 04 9B 0B 00 04 97 00 04 94 00 04 91 30 [???????????????0]
1w3d: RADIUS: 82 04 8D 30 82 03 75 A0 03 02 01 02 02 09 00 CD [???0??u?????????]
1w3d: RADIUS: 16 44 FD FF A8 E4 68 30 0D 06 09 2A 86 48 86 F7 [?D????h0???*?H??]
1w3d: RADIUS: 0D 01 01 05 05 00 30 76 31 0B 30 09 06 03 55 04 [??????0v1?0???U?]
1w3d: RADIUS: 06 13 02 43 41 31 0B 30 09 06 03 55 04 08 13 02 [???CA1?0???U????]
1w3d: RADIUS: 51 43 31 11 30 0F 06 03 55 04 07 13 08 4D 6F 6E [QC1?0???U????Mon]
1w3d: RADIUS: 74 72 65 61 6C 31 10 30 0E 06 03 55 04 0A 13 07 [treal1?0???U????]
1w3d: RADIUS: 49 6E 76 65 72 73 65 31 12 30 10 06 03 55 04 03 [Inverse1?0???U??]
1w3d: RADIUS: 13 09 31 32 37 2E 30 2E 30 2E 31 31 21 30 1F 06 [??127.0.0.11!0??]
1w3d: RADIUS: 09 2A 86 48 86 F7 0D 01 09 01 16 12 73 75 70 70 [?*?H????????supp]
1w3d: RADIUS: 6F 72 74 40 69 6E 76 65 72 73 65 2E 63 61 30 1E [ort@inverse.ca0?]
1w3d: RADIUS: 17 0D 31 33 31 32 31 31 31 34 32 34 33 [??13121114243]
1w3d: RADIUS: EAP-Message [79] 255
1w3d: RADIUS: 39 5A 17 0D 31 34 31 32 31 31 31 34 32 34 33 39 [9Z??141211142439]
1w3d: RADIUS: 5A 30 76 31 0B 30 09 06 03 55 04 06 13 02 43 41 [Z0v1?0???U????CA]
1w3d: RADIUS: 31 0B 30 09 06 03 55 04 08 13 02 51 43 31 11 30 [1?0???U????QC1?0]
1w3d: RADIUS: 0F 06 03 55 04 07 13 08 4D 6F 6E 74 72 65 61 6C [???U????Montreal]
1w3d: RADIUS: 31 10 30 0E 06 03 55 04 0A 13 07 49 6E 76 65 72 [1?0???U????Inver]
1w3d: RADIUS: 73 65 31 12 30 10 06 03 55 04 03 13 09 31 32 37 [se1?0???U????127]
1w3d: RADIUS: 2E 30 2E 30 2E 31 31 21 30 1F 06 09 2A 86 48 86 [.0.0.11!0???*?H?]
1w3d: RADIUS: F7 0D 01 09 01 16 12 73 75 70 70 6F 72 74 40 69 [???????support@i]
1w3d: RADIUS: 6E 76 65 72 73 65 2E 63 61 30 82 01 22 30 0D 06 [nverse.ca0??"0??]
1w3d: RADIUS: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F [?*?H????????????]
1w3d: RADIUS: 00 30 82 01 0A 02 82 01 01 00 B9 83 DC 55 26 33 [?0???????????U&3]
1w3d: RADIUS: F9 EC 71 64 75 13 6B 95 8E 2A DC E1 5F A5 F8 89 [??qdu?k??*??_???]
1w3d: RADIUS: 4D 2C 4B 88 F1 9F F5 B1 59 B2 22 50 B1 A0 C5 D5 [M,K?????Y?"P????]
1w3d: RADIUS: 21 6D 0E 66 FF 87 1A 0B 39 3A 23 1A 16 40 15 BC [!m?f????9:#??@??]
1w3d: RADIUS: 15 2A 62 E1 F5 C1 D8 82 99 91 4F F2 6C 30 79 86 [?*b???????O?l0y?]
1w3d: RADIUS: 3C EA 2F 48 B4 6C 8D 31 A0 3E 62 BF 1C [<?/H?l?1?>b??]
1w3d: RADIUS: EAP-Message [79] 255
1w3d: RADIUS: 09 43 B5 17 69 27 52 F5 10 12 92 B0 B7 9E 50 8C [?C??i'R???????P?]
1w3d: RADIUS: 67 99 4A 18 D4 DE 6B 3E 1E 1D D4 D4 DF 6A 25 24 [g?J???k>?????j?$]
1w3d: RADIUS: 58 9B C2 9F 9C 4B E2 22 22 45 5E 54 BD E2 E2 A3 [X????K?""E^T????]
1w3d: RADIUS: 36 95 5C D6 35 15 03 21 B6 55 44 85 5A 27 01 A3 [6?\?5??!?UD?Z'??]
1w3d: RADIUS: B9 17 FB 02 E9 1B EB AF DD A0 A4 93 C6 C4 F6 7D [???????????????}]
1w3d: RADIUS: FB 12 EE 14 DD 09 FA 55 0C 8E F1 53 61 58 9C CC [???????U???SaX??]
1w3d: RADIUS: 25 D4 85 84 4C 5B 1F 25 36 E2 2B 98 4E 2E AD A0 [????L[??6?+?N.??]
1w3d: RADIUS: 97 0F 97 44 0B 84 22 B0 5C F5 35 35 8F 18 9A 91 [???D??"?\?55????]
1w3d: RADIUS: FA 00 E9 26 6B A0 1B D6 A0 0B 49 95 2A E1 62 A1 [???&k?????I?*?b?]
1w3d: RADIUS: A9 3A 58 9C 3B C3 8C 9E 26 58 E9 85 D4 81 06 EC [?:X?;???&X??????]
1w3d: RADIUS: C2 C0 8E 8C AD D8 4E 8A 5C 95 9A D1 0D 02 03 01 [??????N?\???????]
1w3d: RADIUS: 00 01 A3 82 01 1C 30 82 01 18 30 1D 06 03 55 1D [??????0???0???U?]
1w3d: RADIUS: 0E 04 16 04 14 4B 4A 18 31 6E EA 51 1A D1 0B C9 [?????KJ?1n?Q????]
1w3d: RADIUS: F3 38 80 42 86 73 6C 10 BC 30 81 A8 06 03 55 1D [?8?B?sl??0????U?]
1w3d: RADIUS: 23 04 81 A0 30 81 9D 80 14 4B 4A 18 31 6E EA 51 [#???0????KJ?1n?Q]
1w3d: RADIUS: 1A D1 0B C9 F3 38 80 42 86 73 6C 10 BC [?????8?B?sl??]
1w3d: RADIUS: EAP-Message [79] 255
1w3d: RADIUS: A1 7A A4 78 30 76 31 0B 30 09 06 03 55 04 06 13 [?z?x0v1?0???U???]
1w3d: RADIUS: 02 43 41 31 0B 30 09 06 03 55 04 08 13 02 51 43 [?CA1?0???U????QC]
1w3d: RADIUS: 31 11 30 0F 06 03 55 04 07 13 08 4D 6F 6E 74 72 [1?0???U????Montr]
1w3d: RADIUS: 65 61 6C 31 10 30 0E 06 03 55 04 0A 13 07 49 6E [eal1?0???U????In]
1w3d: RADIUS: 76 65 72 73 65 31 12 30 10 06 03 55 04 03 13 09 [verse1?0???U????]
1w3d: RADIUS: 31 32 37 2E 30 2E 30 2E 31 31 21 30 1F 06 09 2A [127.0.0.11!0???*]
1w3d: RADIUS: 86 48 86 F7 0D 01 09 01 16 12 73 75 70 70 6F 72 [?H????????suppor]
1w3d: RADIUS: 74 40 69 6E 76 65 72 73 65 2E 63 61 82 09 00 CD [t@inverse.ca????]
1w3d: RADIUS: 16 44 FD FF A8 E4 68 30 0C 06 03 55 1D 13 01 01 [?D????h0???U????]
1w3d: RADIUS: FF 04 02 30 00 30 09 06 03 55 1D 12 04 02 30 00 [???0?0???U????0?]
1w3d: RADIUS: 30 0B 06 03 55 1D 0F 04 04 03 02 05 E0 30 13 06 [0???U????????0??]
1w3d: RADIUS: 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 [?U????0???+?????]
1w3d: RADIUS: 03 01 30 11 06 09 60 86 48 01 86 F8 42 01 01 04 [??0???`?H???B???]
1w3d: RADIUS: 04 03 02 06 40 30 0D 06 09 2A 86 48 86 F7 0D 01 [????@0???*?H????]
1w3d: RADIUS: 01 05 05 00 03 82 01 01 00 19 18 51 11 82 81 E4 [???????????Q????]
1w3d: RADIUS: D6 A5 D6 77 5F C3 FF 06 3C 3C F7 F0 22 [???w_???<<??"]
1w3d: RADIUS: EAP-Message [79] 14
1w3d: RADIUS: 5E 1E DB 98 27 61 5D DD 5D 78 0D F0 [^???'a]?]x??]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: C1 8F 24 FA 11 52 8B 39 69 51 14 C0 41 C3 9D DA [??$??R?9iQ??A???]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 62 50 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fbP????@?????]
1w3d: RADIUS(00000078): Received from id 1645/228
1w3d: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+12, total 1024 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/229, len 164
1w3d: RADIUS: authenticator C9 1C 11 60 1D 24 81 FF - 52 88 BB 53 9F 41 D5 E8
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 8
1w3d: RADIUS: 02 04 00 06 19 00 [??????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 55 7E 93 2E 8E 0B 22 8F 28 ED 55 5C 14 74 D4 3B [U~?.??"?(?U\?t?;]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 62 50 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fbP????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/229 10.1.3.7:1812, Access-Challenge, len 297
1w3d: RADIUS: authenticator 6E 3F 5A 98 E4 F8 FF D4 - 50 AC 85 77 22 97 76 82
1w3d: RADIUS: EAP-Message [79] 241
1w3d: RADIUS: 01 05 00 EF 19 00 B0 BA 30 BE ED 4D 88 C6 62 66 [????????0??M??bf]
1w3d: RADIUS: 95 20 57 A7 D4 AE 5D 3A C4 B3 77 D9 F6 72 BA AF [? W???]:??w??r??]
1w3d: RADIUS: 3D 25 C5 03 15 71 BB 7A 69 01 A1 78 0F CB 13 82 [=????q?zi??x????]
1w3d: RADIUS: 1D 83 40 A8 2C 88 07 9B 2B 9E 6B 5C 8E F3 94 96 [??@?,???+?k\????]
1w3d: RADIUS: 94 D3 FA 3A 94 09 F7 89 01 CD 85 2F 95 F6 23 7F [???:???????/??#?]
1w3d: RADIUS: 60 DD 53 ED 16 84 49 CA 4D 5E 61 8C 22 1F DD 3F [`?S???I?M^a?"???]
1w3d: RADIUS: 72 B0 3B 92 BB 00 D8 85 29 10 A1 D9 18 2C 8A DD [r?;?????)????,??]
1w3d: RADIUS: D8 EC 14 FD 2B 41 D8 62 9D 9B 5B CD 21 EC E3 4A [????+A?b??[?!??J]
1w3d: RADIUS: DB F7 75 71 F2 87 37 3A 26 A8 71 6E 1D 7C 43 6E [??uq??7:&?qn?|Cn]
1w3d: RADIUS: 0E 83 E4 94 7B 74 A0 E7 93 B0 37 88 A7 F0 EF 2B [????{t????7????+]
1w3d: RADIUS: 38 14 F6 61 ED 75 83 B8 07 9F 77 C5 6E 19 67 04 [8??a?u????w?n?g?]
1w3d: RADIUS: BD 8A E1 4C E6 ED A1 F4 0C 46 02 10 C3 5C 2A 22 [???L?????F???\*"]
1w3d: RADIUS: ED 8F F1 E8 DA 03 08 CB D0 00 20 B0 1C B2 BB 61 [?????????? ????a]
1w3d: RADIUS: E7 2C E6 C0 36 B0 3D 19 33 F5 0A D2 5D 95 FE 52 [?,??6?=?3???]??R]
1w3d: RADIUS: 63 30 61 3D 4F A7 16 03 01 00 04 0E 00 00 00 [c0a=O??????????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: A0 E7 47 99 CD B6 76 96 83 67 A8 3B 9B 2D 40 92 [??G???v??g?;?-@?]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 61 51 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?faQ????@?????]
1w3d: RADIUS(00000078): Received from id 1645/229
1w3d: RADIUS/DECODE: EAP-Message fragments, 239, total 239 bytes
1w3d: RADIUS/ENCODE: EAP-Message fragment 336 into 253+83, total 336 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/230, len 496
1w3d: RADIUS: authenticator 03 51 63 4C 7F 33 F6 61 - 92 D4 04 C5 B6 9F F2 77
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 255
1w3d: RADIUS: 02 05 01 50 19 80 00 00 01 46 16 03 01 01 06 10 [???P?????F??????]
1w3d: RADIUS: 00 01 02 01 00 2D AD 4B A7 78 99 1E C4 75 1E B4 [?????-?K?x???u??]
1w3d: RADIUS: C3 35 F4 5E 88 9F 37 BA B2 24 95 B9 70 30 60 32 [?5?^??7??$??p0`2]
1w3d: RADIUS: EE 3B 02 9E A6 31 63 2F C8 00 EF 21 86 53 F1 2B [?;???1c/???!?S?+]
1w3d: RADIUS: 01 3F 5E F6 A1 8F D0 4A 0D 70 18 0A 46 22 94 4E [??^????J?p??F"?N]
1w3d: RADIUS: 18 21 61 E1 B4 98 00 F5 81 FD A0 B7 BE D9 07 07 [?!a?????????????]
1w3d: RADIUS: 0B 8A EB 09 5F 9E 12 D9 07 17 4F 4F C0 6F 5A 23 [????_?????OO?oZ#]
1w3d: RADIUS: 2F 70 7C B0 8C CB B8 1C 35 7C 92 83 8B 0E 08 89 [/p|?????5|??????]
1w3d: RADIUS: AE AA 96 E7 B2 1D C7 70 CB 2E 7A 20 76 EC E4 85 [???????p?.z v???]
1w3d: RADIUS: A2 10 74 67 B0 BB 34 7C 8D 3F 4B A0 BB F1 1A 82 [??tg??4|??K?????]
1w3d: RADIUS: 7A 63 6B 77 91 A6 57 4D 87 E9 C9 66 4E 23 7C DD [zckw??WM???fN#|?]
1w3d: RADIUS: E7 3B 24 00 66 1C 29 0C 34 4A F3 F4 A9 F3 85 62 [?;$?f?)?4J?????b]
1w3d: RADIUS: F0 EE CF F8 C1 62 12 54 EE 7C BC 85 42 B7 6D A2 [?????b?T?|??B?m?]
1w3d: RADIUS: 8A BC C2 3A B3 C7 2F 7F 9C 51 12 2B 6E 0E 10 E4 [???:??/??Q?+n???]
1w3d: RADIUS: 63 2A 5A DB 3A F3 53 3D 37 D8 6E A0 8F 41 89 BE [c*Z?:?S=7?n??A??]
1w3d: RADIUS: 1E B4 A8 81 E9 29 CA 48 12 B2 7A 3F FB [?????)?H??z??]
1w3d: RADIUS: EAP-Message [79] 85
1w3d: RADIUS: 9C 6E 34 97 3A A2 50 50 A8 B8 C4 3B C7 2F CE 47 [?n4?:?PP???;?/?G]
1w3d: RADIUS: E5 EA FB 97 88 07 C5 C3 14 03 01 00 01 01 16 03 [????????????????]
1w3d: RADIUS: 01 00 30 03 84 21 31 46 92 E3 7B C2 38 C3 4C 0E [??0??!1F??{?8?L?]
1w3d: RADIUS: 78 9D 3E 03 22 72 86 D1 21 E6 A7 4C 4F F9 0E F4 [x?>?"r??!??LO???]
1w3d: RADIUS: 06 53 77 09 6C 95 7B 5B 29 27 16 FD 07 68 A4 57 [?Sw?l?{[)'???h?W]
1w3d: RADIUS: 10 57 74 [?Wt]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 83 89 35 02 33 9A 11 19 23 E7 90 41 E6 78 F6 89 [??5?3???#??A?x??]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 61 51 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?faQ????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/230 10.1.3.7:1812, Access-Challenge, len 123
1w3d: RADIUS: authenticator DD 9E 08 4F 3D 0C 15 58 - 49 50 0D 71 DD 8C 17 ED
1w3d: RADIUS: EAP-Message [79] 67
1w3d: RADIUS: 01 06 00 41 19 00 14 03 01 00 01 01 16 03 01 00 [???A????????????]
1w3d: RADIUS: 30 24 AA AA C6 F4 FF 3F 23 EE 73 7C 2E 01 28 2D [0$??????#?s|.?(-]
1w3d: RADIUS: 47 85 A0 92 62 40 08 2D F1 83 C6 B4 ED 82 04 22 [G???b@?-???????"]
1w3d: RADIUS: A3 29 3A 0C E7 27 61 90 46 9E 90 57 F2 BA 0C 73 [?):??'a?F??W???s]
1w3d: RADIUS: 7A [z]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: E8 F3 04 6B 64 E5 60 F0 D7 30 9B B3 A3 51 33 66 [???kd?`??0???Q3f]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 60 52 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?f`R????@?????]
1w3d: RADIUS(00000078): Received from id 1645/230
1w3d: RADIUS/DECODE: EAP-Message fragments, 65, total 65 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/231, len 164
1w3d: RADIUS: authenticator 6F 1A 59 18 65 C8 EF 20 - A7 74 57 A8 71 EF 6D 43
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 8
1w3d: RADIUS: 02 06 00 06 19 00 [??????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: CF 48 EC 60 AA 47 55 41 60 0F 5B F1 3C 17 D1 A5 [?H?`?GUA`?[?<???]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 60 52 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?f`R????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/231 10.1.3.7:1812, Access-Challenge, len 101
1w3d: RADIUS: authenticator 55 C2 18 91 2D E0 3A 0E - AC 3A 97 B6 62 FB 84 A8
1w3d: RADIUS: EAP-Message [79] 45
1w3d: RADIUS: 01 07 00 2B 19 00 17 03 01 00 20 E8 04 BE 45 5E [???+?????? ???E^]
1w3d: RADIUS: 59 B3 96 1B B7 48 07 6A 47 AD 0F 11 F0 E1 C6 10 [Y????H?jG???????]
1w3d: RADIUS: 7A E6 C9 D9 21 97 97 A2 4D 41 A1 [z???!???MA?]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: DE C0 10 06 90 77 1C C8 9F BC 18 6D 2A 8E 34 5F [?????w?????m*?4_]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 67 53 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fgS????@?????]
1w3d: RADIUS(00000078): Received from id 1645/231
1w3d: RADIUS/DECODE: EAP-Message fragments, 43, total 43 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/232, len 201
1w3d: RADIUS: authenticator 9E 53 A8 5A 3E 40 A0 5E - 1D B2 BD 22 A0 EF 6B DC
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 45
1w3d: RADIUS: 02 07 00 2B 19 00 17 03 01 00 20 CA 52 0F 0F AB [???+?????? ?R???]
1w3d: RADIUS: D5 84 E3 07 BF E9 37 E3 57 57 3B B0 54 02 79 5F [??????7?WW;?T?y_]
1w3d: RADIUS: 73 26 1D C1 0F 9E 85 68 51 92 A3 [s&?????hQ??]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: C5 8E 81 28 B4 BF 98 C6 DA B8 00 11 55 80 ED E5 [???(????????U???]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 67 53 C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fgS????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/232 10.1.3.7:1812, Access-Challenge, len 133
1w3d: RADIUS: authenticator 6D 60 29 9F E3 FE 86 59 - 28 C6 39 D6 5A 3C 2B A5
1w3d: RADIUS: EAP-Message [79] 77
1w3d: RADIUS: 01 08 00 4B 19 00 17 03 01 00 40 C7 3A E6 C2 FD [???K??????@?:???]
1w3d: RADIUS: 65 55 33 19 3C C6 BE A8 32 B6 42 30 A9 7E 69 DE [eU3?<???2?B0?~i?]
1w3d: RADIUS: 9C F5 27 8F 61 5E 12 7B 7B 7E 55 4C FE FF 4C E6 [??'?a^?{{~UL??L?]
1w3d: RADIUS: 91 38 4A 01 3B 70 13 5F CC E6 D9 33 78 68 32 68 [?8J?;p?_???3xh2h]
1w3d: RADIUS: FD A9 DC A0 26 05 FC C6 BB BF D0 [????&??????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 23 F6 4F 03 92 1A 5C 26 BB 82 B4 40 A2 43 7E DC [#?O???\&???@?C~?]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 66 5C C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?ff\????@?????]
1w3d: RADIUS(00000078): Received from id 1645/232
1w3d: RADIUS/DECODE: EAP-Message fragments, 75, total 75 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/233, len 265
1w3d: RADIUS: authenticator A1 95 14 47 86 C3 D5 10 - 4C B8 6C A7 35 3E FB 90
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 109
1w3d: RADIUS: 02 08 00 6B 19 00 17 03 01 00 60 C8 C9 42 DA 55 [???k??????`??B?U]
1w3d: RADIUS: 9A 2B 33 54 87 CA E5 C5 CF C8 A6 45 09 01 42 3C [?+3T???????E??B<]
1w3d: RADIUS: F8 7D 37 98 4A EE 85 DB 5E 55 B4 97 D4 A3 41 D9 [?}7?J???^U????A?]
1w3d: RADIUS: 21 50 40 64 9F 96 02 E0 D4 9C 8A 97 30 42 F9 48 [!P@d????????0B?H]
1w3d: RADIUS: 65 89 A2 3F EC 65 0E B6 43 F0 51 3A 6B E3 1D 58 [e????e??C?Q:k??X]
1w3d: RADIUS: 72 92 67 F6 8B F8 3C 94 2B C3 69 89 8B 6E 5D B3 [r?g???<?+?i??n]?]
1w3d: RADIUS: C7 D5 6C 0E 54 D3 76 D0 21 35 0B [??l?T?v?!5?]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 53 8A 74 F9 DB 80 9A 36 1D 95 21 13 65 36 C1 99 [S?t????6??!?e6??]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 66 5C C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?ff\????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/233 10.1.3.7:1812, Access-Challenge, len 149
1w3d: RADIUS: authenticator F6 82 B1 7E 1D 01 08 AD - 72 09 FE 54 A2 70 18 6A
1w3d: RADIUS: EAP-Message [79] 93
1w3d: RADIUS: 01 09 00 5B 19 00 17 03 01 00 50 5F 0B 8C 36 17 [???[??????P_??6?]
1w3d: RADIUS: BA 42 7B 0E C4 C9 B7 0F 94 08 14 14 92 1C 58 74 [?B{???????????Xt]
1w3d: RADIUS: D0 DE 34 CA 7D 86 56 98 58 D6 4D 87 71 04 56 1F [??4?}?V?X?M?q?V?]
1w3d: RADIUS: 27 06 D3 C0 30 8C C1 97 DF 54 96 11 FD 37 FC 49 ['???0????T???7?I]
1w3d: RADIUS: 0F FE 9E BB 75 0B DB 6A 8F A1 45 FF CA 8C 51 79 [????u??j??E???Qy]
1w3d: RADIUS: 1C 51 6F 9B 19 23 DB D5 8F 03 DF [?Qo??#?????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 41 B3 98 DA 01 8C 2A 28 74 CE FD CE AD CF 40 61 [A?????*(t?????@a]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 65 5D C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fe]????@?????]
1w3d: RADIUS(00000078): Received from id 1645/233
1w3d: RADIUS/DECODE: EAP-Message fragments, 91, total 91 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/234, len 201
1w3d: RADIUS: authenticator 23 D3 5B 1D C5 B5 2E 31 - 9A C1 D4 A7 76 11 A6 D2
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 45
1w3d: RADIUS: 02 09 00 2B 19 00 17 03 01 00 20 53 27 B3 87 B9 [???+?????? S'???]
1w3d: RADIUS: EE 13 4D D5 06 7A 7C FD 2E 5A E9 C9 6E 03 92 80 [??M??z|?.Z??n???]
1w3d: RADIUS: C7 7F A1 27 7D D9 F4 36 A2 E2 30 [???'}??6??0]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 46 36 2E FB 1F 4F 9B 2F A2 AC 4F 11 DA 3F F0 56 [F6.??O?/??O????V]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 65 5D C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fe]????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/234 10.1.3.7:1812, Access-Challenge, len 101
1w3d: RADIUS: authenticator BD D4 91 CC 08 8D 0B E5 - A3 54 97 49 4B 9C 28 68
1w3d: RADIUS: EAP-Message [79] 45
1w3d: RADIUS: 01 0A 00 2B 19 00 17 03 01 00 20 F1 07 45 C8 19 [???+?????? ??E??]
1w3d: RADIUS: ED D6 0B 8D C6 76 7C 70 1D BA 23 4B 10 90 73 A9 [?????v|p??#K??s?]
1w3d: RADIUS: DC 0A 11 9E E9 AE 98 E9 4C 6D AF [????????Lm?]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: 1A 45 E7 03 2A D6 4D 33 E0 56 60 8A 5B 66 09 23 [?E??*?M3?V`?[f?#]
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 64 5E C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fd^????@?????]
1w3d: RADIUS(00000078): Received from id 1645/234
1w3d: RADIUS/DECODE: EAP-Message fragments, 43, total 43 bytes
1w3d: RADIUS(00000078): Using existing nas_port 50002
1w3d: RADIUS(00000078): Config NAS IP: 0.0.0.0
1w3d: RADIUS/ENCODE(00000078): acct_session_id: 120
1w3d: RADIUS(00000078): sending
1w3d: RADIUS/ENCODE: Best Local IP-Address 10.1.1.102 for Radius-Server 10.1.3.7
1w3d: RADIUS(00000078): Send Access-Request to 10.1.3.7:1812 id 1645/235, len 201
1w3d: RADIUS: authenticator FA E2 21 EC FA 4F 81 3A - 77 00 15 80 D7 38 B9 5D
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Service-Type [6] 6 Framed [2]
1w3d: RADIUS: Framed-MTU [12] 6 1500
1w3d: RADIUS: Called-Station-Id [30] 19 "00-1E-49-99-B5-82"
1w3d: RADIUS: Calling-Station-Id [31] 19 "00-24-54-42-86-04"
1w3d: RADIUS: EAP-Message [79] 45
1w3d: RADIUS: 02 0A 00 2B 19 00 17 03 01 00 20 F6 5A 6E 7D 98 [???+?????? ?Zn}?]
1w3d: RADIUS: F1 6C 70 74 2B 35 CB 89 B4 F0 B5 03 D0 F1 A3 3B [?lpt+5?????????;]
1w3d: RADIUS: F6 85 67 5C C7 9D 92 11 9B C1 79 [??g\??????y]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: B2 ED DE 02 AF FE 9F 77 2F BB 3C 91 9A F3 CE 72 [???????w/?<????r]
1w3d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
1w3d: RADIUS: Vendor, Cisco [26] 23
1w3d: RADIUS: cisco-nas-port [2] 17 "FastEthernet0/2"
1w3d: RADIUS: NAS-Port [5] 6 50002
1w3d: RADIUS: State [24] 18
1w3d: RADIUS: 63 54 DA 66 64 5E C3 E0 F5 89 40 0D 9A B2 01 A8 [cT?fd^????@?????]
1w3d: RADIUS: NAS-IP-Address [4] 6 10.1.1.102
1w3d: RADIUS: Received from id 1645/235 10.1.3.7:1812, Access-Accept, len 186
1w3d: RADIUS: authenticator 46 4B 53 12 99 7A F4 76 - 96 53 79 07 62 FA FE 5E
1w3d: RADIUS: Tunnel-Type [64] 6 00:VLAN [13]
1w3d: RADIUS: Tunnel-Medium-Type [65] 6 00:ALL_802 [6]
1w3d: RADIUS: Tunnel-Private-Group[81] 5 "741"
1w3d: RADIUS: User-Name [1] 9 "testuser"
1w3d: RADIUS: Vendor, Microsoft [26] 58
1w3d: RADIUS: MS-MPPE-Recv-Key [17] 52 *
1w3d: RADIUS: Vendor, Microsoft [26] 58
1w3d: RADIUS: MS-MPPE-Send-Key [16] 52 *
1w3d: RADIUS: EAP-Message [79] 6
1w3d: RADIUS: 03 0A 00 04 [????]
1w3d: RADIUS: Message-Authenticato[80] 18
1w3d: RADIUS: B6 BE D0 BE 54 B5 B8 9B 6F 06 D7 A2 7F A7 47 2A [????T???o?????G*]
1w3d: RADIUS(00000078): Received from id 1645/235
1w3d: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
1w3d: %DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address 0024.5442.8604 on Fa0/2
1w3d: dot1x-err:Failed to add 0024.5442.8604:741 on FastEthernet0/2
The debug from a C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1) switch has a bit more information
RADIUS: EAP-login: length of eap packet = 4
3d03h: RADIUS: Tunnel-MType, [00] 00 00 06
3d03h: RADIUS: tag='00', consider the attribute untagged.
3d03h: RADIUS: TAS(0) created and enqueued.
3d03h: RADIUS: Tunnel-Type, [00] 00 00 0D
3d03h: RADIUS: Tunnel-GID, [00] 741
3d03h: RADIUS: unrecognized Microsoft VSA type 17
3d03h: RADIUS: unrecognized Microsoft VSA type 16
3d03h: RADIUS: TAS(0) takes precedence over tagged attributes,
tunnel_type=13
3d03h: RADIUS: free TAS(0)
3d03h: RADIUS: no appropriate authorization type for user.
Radius debug log snippet shows access-accept:
Waking up in 3.3 seconds.
rad_recv: Access-Request packet from host 10.1.1.102 port 1645, id=226, length=201
User-Name = "testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-1E-49-99-B5-82"
Calling-Station-Id = "00-24-54-42-86-04"
EAP-Message = 0x020a002b19001703010020587590e237130c060446fb11d376500910b601cfb2d3605a71d4bec6d645517e
Message-Authenticator = 0xd3bfd6a24de22e93aa9e5f2f7819c864
NAS-Port-Type = Ethernet
Cisco-NAS-Port = "FastEthernet0/2"
NAS-Port = 50002
State = 0x51984bf05692527dab89cb2cb6f3d522
NAS-IP-Address = 10.1.1.102
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "741"
User-Name = "testuser"
[eap] Freeing handler
++[eap] returns ok
Login OK: [testuser] (from client 10.1.1.102 port 50002 cli 00-24-54-42-86-04)
# Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group post-auth {...}
++[exec] returns noop
++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25))
? Evaluating !(EAP-Type ) -> FALSE
?? Evaluating (EAP-Type != 21 ) -> TRUE
?? Evaluating (EAP-Type != 25) -> FALSE
++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> FALSE
} # server packetfence
Sending Access-Accept of id 226 to 10.1.1.102 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "741"
User-Name = "testuser"
MS-MPPE-Recv-Key = 0x88954e0d97ca1d4d422b5fe0d4b4a234a1a567434f2db150989a4aacf3e437d2
MS-MPPE-Send-Key = 0xc1fdbace83664c4dcc168841a6a0cb9041de1333ce72d6dd2cbf8430a9a47070
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 191.
Going to the next request
Waking up in 1.8 seconds.
Cleaning up request 190 ID 225 with timestamp +5281
Waking up in 3.1 seconds.
Cleaning up request 191 ID 226 with timestamp +5285
Ready to process requests.
I appreciate that's not the full debug log for the 2950, nor the radius server. These are available if anyone needs them.
Can anyone please help shed some light on this?
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2013 04:21 AM
2960 switch config:
Current configuration : 3328 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname llHswA105
!
enable secret 5 blahblah
!
aaa new-model
aaa group server radius packetfence
server 10.1.3.7 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login MyVTY line
aaa authentication login MyCon none
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
no ip domain-lookup
ip name-server 193.62.96.6
!
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description Link from PG
switchport mode trunk
speed 10
duplex full
!
interface FastEthernet0/2
description Andi test
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout quiet-period 3
dot1x timeout tx-period 15
dot1x timeout supp-timeout 10
dot1x reauthentication
dot1x guest-vlan 798
spanning-tree portfast
!
interface FastEthernet0/3
description Sean Desk
switchport access vlan 720
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 712
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
description pfencehalls02
switchport mode trunk
!
interface FastEthernet0/7
description pfencehalls01
switchport mode trunk
!
interface FastEthernet0/8
description Sean
switchport access vlan 720
switchport mode access
!
interface GigabitEthernet0/1
switchport mode trunk
spanning-tree portfast
!
interface Vlan1
ip address 10.1.1.102 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.2
ip http server
logging trap warnings
logging 192.168.1.12
access-list 10 permit 10.1.3.8
access-list 10 permit 10.1.3.9
access-list 10 permit 10.1.1.2
access-list 10 permit 192.168.110.13
access-list 10 permit 192.168.1.9
access-list 10 permit 192.168.1.10
access-list 10 permit 192.168.1.12
access-list 10 permit 10.100.3.10
access-list 10 permit 192.168.199.199
access-list 10 permit 192.168.6.18
access-list 10 permit 193.62.103.18
access-list 10 permit 193.62.96.3
access-list 10 permit 192.168.199.5
access-list 10 permit 192.168.199.4
access-list 10 permit 192.168.199.2
access-list 10 permit 193.62.103.42
access-list 10 permit 10.1.1.199
access-list 10 deny any log
snmp-server community blah RO 10
snmp-server community bleh RW 10
snmp-server location LL A105
snmp-server contact Helpdesk extn. 7000
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.1.10 public-uwic config vlan-membership snmp
radius-server host 10.1.3.7 auth-port 1812 acct-port 1813 timeout 2 key 7 bleeee
radius-server source-ports 1645-1646
radius-server deadtime 1
radius-server vsa send authentication
!
control-plane
!
!
line con 0
login authentication MyCon
line vty 0 4
access-class 10 in
password 7 moo
login authentication MyVTY
line vty 5 15
session-timeout 30
access-class 10 in
password 7 baaa
!
ntp server 192.168.1.10
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2013 06:08 AM
It looks like this might be happening on the wireless side of things as well, although it's less apparent for the end user, which is why we hadn't heard about it until now.
Has anybody any idea where I can start looking?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2013 07:16 AM
It actually seems to be related to the time of day, in correlation to how busy the network is.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2014 02:36 AM
Nobody has any idea? This is a shame.
The problem seems to have disappeared over Christmas as the network has quietened down dramatically. I'd still really like to find the solution before everyone starts back again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide