cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1682
Views
0
Helpful
5
Replies

Wireless solution with ACS 5.2 and 3rd-party access point

Samir Aliyev
Level 1
Level 1

  Hello all. I have windows 7 clients (supplicants), D-link access point (authenticator),  Cisco acs 5.2 virtual appliance with evalution license (acts as authentication server - Radius server).    I want to setup  EAP authentication (PEAP) that users will be able connect to Wireless LAN with login-password.   I've done some configurations,  but  I did not get any result.    in  ACS 5.2   I get  this error message:

11014 RADIUS packet contains invalid attribute(s):                                                        RADIUS Request dropped

One of the attributes in the RADIUS packet did not parse correctly

Please, help me for solving this problem.

5 Replies 5

Hi.

I have the same problem with ACS 4.2 and TP-link AP, i try to use it without certificate authority, I only need login with user and password.

I just resolve my problem.

in

Interface Configuration > Radius (Microsoft)

enable all checks. Then in Group Setup.

In the group where my user is asign enable all checks in Section

Microsoft RADIUS Attributes

The authentication whitout certificate and TP-link was sucessfull in Iphone, Mac OS, android phone and windows.

This whit ACS 4.2.

The Device in Network Configuration use Radius (IETF).

My next test is use this configuration but with Catalyst and IBSN.

I changed   Authorization Profile to default 'Permit Access'  in  Access Policies -> Authorization -> Rule.

And solved. 

  But  you need  eap certificate for peap-mschapv2  authentification.  

    The problem is: If Client (supplicant)  does not validate a  Radius server certificate for creating eap tunnel,  it does not connect.

     What i did? 

        In windows xp and windows 7 clients  I  unchecked  'Validate certificate'  option and  get successfull connection.

     But  in Iphone,  android phones, tablets  etc.  I don't know what to do.

       I think that it is not true solution.

    May be I  should by  a certificate (for example, from VeriSign) that validates all systems?

In Android Iphone and MAC OS, in my situation the devices negotiate automatic without certificate, do you enable in

Allow "EAP-MSCHAPv2" and "Allow EAP-GTC" in System configuration > Global Authentication Setup?

You are right. No need certificate in android.  Its connected

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: