Wireless authentication

etamminga
Spotlight

Hi,

Can someone tell me what's failing in the debug radius output (from access-point) below? We see clients fail authenticating PEAP. We use MS 802.1x supplicants on Windows 2000/SP4 and XP/SP2 as well as Cisco 802.1x supplicants (a/b/g cards), Aironet 1100 access points with latest IOS, Cisco ACS Appliance.

ACS shows successful authentications.

Regards,

Erik

Remark with debug output:

During only some sessions the first line (Bind i/f) is repeated 100s of times.

4 Replies

dominic.caron
Level 5

Please send more output:

debug dot11 mgmt int

debug dot11 mgmt msg

Hi,

As requested, some more debug output.

This time with debug radius, debug dot11 mgmt state-machine, debug dot11 mgmt int and dot11 mgmt msg.

I also included some Win2K EAP logfiles (c:\>netsh ras set tracing * en)

Please pinpoint the problem for me, I can't seem to find it and am running out of options...

Well, when I configure EAP-FAST on the Cisco client all seems to work just fine. But almost none of my clients have this option so PEAP is a requirement.

Erik Tamminga

The radius part is OK, you are receiving an Access-Accept and keys. This leaves us with a client or AccessPoint config problem.

Please try to use an 802.1x client (like a Centrino using ProSet, or Meetinghouse, Funk, Cisco) other than the generic Windows client to authenticate using MS-PEAP. If it works, the problem is the Windows client.

If you are using XP SP2 or W2K SP3, did you apply patch KB885453 from MS on the client? If not, you can be sure it won't work. You must ask MS tech support for the patch, it's not online; I only have the French version of it...

Hi Dominic,

Thank you for that answer, I'll ask MS to send me the hotfix to test further.

What I also found out is that when using WEP encryption authentication succeeds. The debug outputs I sent used WPA encryption.

For now my clients can work with WEP (cipher TKIP+WEP128).

Furthermore I do think it's the Microsoft Supplicant that's failing but am a little surprised to see that no other people are experiencing this. (At least, they're not asking in public about it.)

Erik
