Hi,
 
What I see from your running-configuration is that you have not assigned a static IP to your BVI interface; instead you are using DHCP to obtain an IP. I think you should assign a static IP to your BVI interface, then configure the radius client files with this IP.
 
You can do it like this:
 
interface BVI1
 ip address a.b.c.d 255.255.0.0
 
Then you could try to ping your radius server from the AP1200. If the ping is successful then it should work.
 
Have you added your access point's IP and shared secret in the /etc/raddb/clients?
Aoun.
 
 
 
"Epp, Ladd J" <[EMAIL PROTECTED]> wrote:

Has anyone here had any experience with the Aironet 1200 / TLS-PEAP / FreeRADIUS combination of hardware/software?  For some reason, the Aironet is not trying to communicate with FreeRADIUS (radiusd -XX shows no communication attempts).  I know this is leaning more towards a Cisco problem, but I’ve tried posting to several lists and no one seems to know (or cares to respond). If anyone could help me out it would be greatly appreciated. Below is the debug output from the Cisco AP, and below that is the AP configuration.  I would post the FreeRADIUS debug stuff, but there is none (no communication attempts).

 

Thanks Again,

Ladd

 

 

Jun 3 21:41:18.200: dot11_auth_add_client_entry: Create new client 000c.4138.ccd9
Jun 3 21:41:18.201: dot11_auth_initialize_client: 000c.4138.ccd9 is added to the client list
Jun 3 21:41:18.201: dot11_auth_add_client_entry: req->auth_type 0
Jun 3 21:41:18.201: dot11_auth_add_client_entry: auth_methods_inprocess: 2
Jun 3 21:41:18.202: dot11_auth_add_client_entry: eap list name: eap_methods
Jun 3 21:41:18.202: dot11_run_auth_methods: Start auth method EAP or LEAP
Jun 3 21:41:18.202: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 3 21:41:18.202: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 000c.4138.ccd9
Jun 3 21:41:18.202: EAPOL pak dump tx
Jun 3 21:41:18.202: EAPOL Version: 0x1 type: 0x0 length: 0x0005
Jun 3 21:41:18.202: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
00E00680: 01000005 01010005 01 .........
Jun 3 21:41:18.202: dot11_auth_send_msg: sending data to requestor status 1
Jun 3 21:41:18.202: dot11_auth_send_msg: Sending EAPOL to requestor
Jun 3 21:41:18.203: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds
Jun 3 21:41:18.208: dot11_auth_parse_client_pak: Received EAPOL packet from 000c.4138.ccd9
Jun 3 21:41:18.208: EAPOL pak dump rx
Jun 3 21:41:18.208: EAPOL Version: 0x1 type: 0x1 length: 0x0000
00E12800: 01010000 ....
Jun 3 21:41:18.208: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 000c.4138.ccd9
Jun 3 21:41:18.208: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 000c.4138.ccd9
Jun 3 21:41:18.208: EAPOL pak dump tx
Jun 3 21:41:18.208: EAPOL Version: 0x1 type: 0x0 length: 0x0005
Jun 3 21:41:18.208: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
00E002E0: 01000005 01020005 ........
00E002F0: 01 .
Jun 3 21:41:18.209: dot11_auth_send_msg: sending data to requestor status 1
Jun 3 21:41:18.209: dot11_auth_send_msg: Sending EAPOL to requestor
Jun 3 21:41:18.209: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ap
!
logging queue-limit 100
enable secret 5 xxx
!
username Cisco password 7 xxx
clock timezone S -6
clock summer-time S recurring
ip subnet-zero
!
aaa new-model
!        
!
aaa group server radius rad_eap
 server xxx.xxx.17.103 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!        
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 xxx transmit-key
 encryption mode ciphers tkip wep128
 !
 ssid tsunami
    authentication open eap eap_methods
    authentication network-eap eap_methods
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed auto
 full-duplex
 ntp broadcast client
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address dhcp client-id FastEthernet0
 no ip route-cache
!
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
ip radius source-interface BVI1
radius-server local
!
radius-server attribute 32 include-in-access-req format %h
radius-server host xxx.xxx.17.103 auth-port 1812 acct-port 1813 key 7 xxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 5 15
!
ntp clock-period 2860630
ntp server xxx.xxx.32.1
end

 

Ladd J. Epp

Information Specialist

The University of Kansas

785-864-0460
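
Added example, not part of either message in this thread: a small Python decoder for the "EAPOL pak dump" hex lines in the AP debug output above, useful when checking how far an 802.1X exchange got before expecting traffic at the RADIUS server. The function names are illustrative; within the quoted excerpt it shows two Identity requests from the AP and only an EAPOL-Start from the client.

```python
import re
import struct

# Hex-dump lines copied from the AP debug output quoted in this thread.
DEBUG = """\
Jun 3 21:41:18.202: EAPOL pak dump tx
00E00680: 01000005 01010005 01 .........
Jun 3 21:41:18.208: EAPOL pak dump rx
00E12800: 01010000 ....
Jun 3 21:41:18.208: EAPOL pak dump tx
00E002E0: 01000005 01020005 ........
00E002F0: 01 .
"""
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP"}

def parse_dump(text):
    """Return [(direction, frame_bytes)] from 'EAPOL pak dump' sections."""
    frames = []
    for line in text.splitlines():
        head = re.search(r"EAPOL pak dump (tx|rx)", line)
        if head:
            frames.append([head.group(1), b""])
            continue
        row = re.match(r"[0-9A-F]{8}:((?: (?:[0-9A-F]{2})+)+)", line)
        if row and frames:  # continuation rows extend the current frame
            frames[-1][1] += bytes.fromhex(row.group(1).replace(" ", ""))
    return [(d, data) for d, data in frames]

def decode(frame):
    """Decode one EAPOL frame; the EAPOL length field bounds the body."""
    _version, ptype, blen = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + blen]  # drops any ASCII-column bytes parsed as hex
    out = {"eapol": EAPOL_TYPES.get(ptype, ptype)}
    if ptype == 0 and len(body) >= 4:  # EAP-Packet carries an EAP header
        code, ident, _elen = struct.unpack("!BBH", body[:4])
        out.update(eap=EAP_CODES.get(code, code), id=ident)
        if code in (1, 2) and len(body) > 4:  # Request/Response have a type
            out["type"] = EAP_TYPES.get(body[4], body[4])
    return out

def summarize(text):
    frames = [(d, decode(f)) for d, f in parse_dump(text)]
    # The AP relays to RADIUS only after an EAP Response from the client.
    got_response = any(d == "rx" and f.get("eap") == "Response" for d, f in frames)
    return frames, got_response

print(summarize(DEBUG))
```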

 

