Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco 802 config and MS IAS / Radius Server

Reply
Thread Tools

Cisco 802 config and MS IAS / Radius Server

 
 
Georg Dingler
Guest
Posts: n/a
 
      11-08-2006
Hello,

I configured a Cisco 3750 for Radius Authentification for LAN Access in
combination with the MS IAS (Radius) Server. The XP Client has DHCP
configured. The Windows Eventlog tells that Access is granted, but the
XP Client fails to get an IP address. Are additional attributes on the
IAS Server necessary ? Thanks for a tip !

Config of the IAS Server:

Service-Type: Framed
Tunnel-Medium-Type: 802
Tunnel-Pvt-Group-ID: 0x03
Tunnel-Type: Virtual LANs(VLAN)

Certificate is configured and selected on the Windows XP Client.

Config of the 3750:

....

aaa new-model
aaa authentication login local_authen local
aaa authentication dot1x default group radius
aaa authorization exec local_author local
aaa authorization network default group radius

....

interface FastEthernet1/0/24
switchport access vlan 3
switchport mode access
switchport port-security
dot1x pae authenticator
dot1x port-control auto

....

radius-server host 192.168.0.1 auth-port 1812 acct-port 1646 key radius
radius-server source-ports 1645-1646

....

Windows Eventlog:

Benutzer "DOM\USER_TEST" wurde Zugriff gewährt.
Vollqualifizierter Benutzername = DOM.test-it.de/Users/A_USER_TEST
NAS-IP-Adresse = 192.168.0.199
NAS-Kennung = <nicht vorhanden>
Clientanzeigename = 3750
Client-IP-Adresse = 192.168.0.199
Kennung der Anruferstation = [MAC address of the XP Client NIC]
NAS-Porttyp = Ethernet
NAS-Port = 50124
Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer
verwenden
Authentifizierungsanbieter = Windows
Authentifizierungsserver = <unbestimmt>
Richtlinienname = 3750
Authentifizierungstyp = PEAP
EAP-Typ = Sicheres Kennwort (EAP-MSCHAP v2)

IAS Server Logfile:

192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,30, 00-13-C3-CE-F2-9A,31,[MAC

address of the XP Client
NIC],5,50124,61,15,4,192.168.0.199,4108,192.168.0.199, 4116,9,4155,1,4154,Windows-Authentifizierung

für alle Benutzer verwenden,4129,DOM\USER_TEST,4149,3750,25,311 1
192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP
v2),4127,11,4130,DOM.test-it.de/Users/A_USER_TEST,4136,1,4142,0
192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,25,311
1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP
v2),4127,11,8100,0,4108,192.168.0.199,4116,9,4155, 1,4154,Windows-Authentifizierung

für alle Benutzer
verwenden,4129,DOM\USER_TEST,4149,3750,6,2,65,6,81 ,0x03,64,13,4130,DOM.test-it.de/Users/A_USER_TEST,4120,0x0148,4136,2,4142,0

--
Georg
www.dingler-it.de
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems... Martin Bodenstedt Cisco 6 04-13-2009 10:07 PM
Security - WLAN WPA(2) 802.1x, PKI/CA, IAS/Radius, Windows 2003 AD Friedrich Stockhammer Wireless Networking 0 01-16-2007 02:26 PM
Microsoft IAS Patch to Correct Very Slow RADIUS/802.1X Authentication? Jeff Wireless Networking 2 01-05-2005 07:32 PM
config a IAS server with wired 802.1x and switch wld Cisco 0 09-20-2004 01:07 AM
config a IAS server with wired 802.1x and switch wld Cisco 0 09-19-2004 07:15 AM



Advertisments