Setting up 802.1x authentication with Cisco 2950 and Microsoft IAS

 
 
wisdom1999@gmail.com
 
      01-27-2006
I have a project to stop rogue users from plugging into my network. I
have seen where Cisco switches can do port authentication with a RADIUS
server. I would like to set up an IAS server on Win2k3 as my RADIUS
server. Can anyone provide me with configuration guides to configure
the switch as well as the IAS server? I would really appreciate the
assistance.

PWM

 
hidalgal@gmail.com
 
      01-27-2006
You can find how to set up IAS for W2K (almost the same for W2K3) in
the following page:

http://www.cisco.com/en/US/products/....shtml#install

Regards,

AHG

 
wisdom1999@gmail.com
 
      01-27-2006
Thanks for your reply. I tried it but I think that I am still doing
something wrong.

Here is a copy of the debug I did on my 802.1x:
SW_SPARE>en
Password:
4d02h: AAA: parse name=tty0 idb type=-1 tty=-1
4d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0
channel=0
4d02h: AAA/MEMORY: create_user (0x80CC7D30) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
4d02h: AAA/AUTHEN/START (1449486165): port='tty0' list='' action=LOGIN
service=LOGIN
4d02h: AAA/AUTHEN/START (1449486165): console login - default to "no
auth required"
4d02h: AAA/AUTHEN/START (1449486165): Method=NONE
4d02h: AAA/AUTHEN (1449486165): status = PASS
4d02h: AAA: parse name=tty0 idb type=-1 tty=-1
4d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0
channel=0
4d02h: AAA/MEMORY: create_user (0x80CCFC34) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
4d02h: AAA/AUTHEN/START (3877385355): port='tty0' list='' action=LOGIN
service=ENABLE
4d02h: AAA/AUTHEN/START (3877385355): console enable - default to
enable password (if any)
4d02h: AAA/AUTHEN/START (3877385355): Method=ENABLE
4d02h: AAA/AUTHEN (3877385355): status = GETPASS
SW_SPARE#
4d02h: AAA/AUTHEN/CONT (3877385355): continue_login (user='(undef)')
4d02h: AAA/AUTHEN (3877385355): status = GETPASS
4d02h: AAA/AUTHEN/CONT (3877385355): Method=ENABLE
4d02h: AAA/AUTHEN (3877385355): status = PASS
4d02h: AAA/MEMORY: free_user (0x80CCFC34) user='' ruser='' port='tty0'
rem_addr='async' authen_type=ASCII service=ENABLE priv=15
SW_SPARE#
4d02h: AAA: parse name=tty1 idb type=-1 tty=-1
4d02h: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1
channel=0
4d02h: AAA/MEMORY: create_user (0x80CDCAEC) user='' ruser=''
port='tty1' rem_addr='172.17.12.100' authen_type=ASCII service=LOGIN
priv=1
4d02h: AAA/AUTHEN/START (760582369): port='tty1' list='' action=LOGIN
service=LOGIN
4d02h: AAA/AUTHEN/START (760582369): non console login - defaults to
local database
4d02h: AAA/AUTHEN/START (760582369): Method=LOCAL
4d02h: AAA/AUTHEN (
SW_SPARE#760582369): status = GETUSER
SW_SPARE#
4d02h: AAA/AUTHEN/CONT (760582369): continue_login (user='(undef)')
4d02h: AAA/AUTHEN (760582369): status = GETUSER
4d02h: AAA/AUTHEN/CONT (760582369): Method=LOCAL
4d02h: AAA/AUTHEN (760582369): status = GETPASS
SW_SPARE#
4d02h: AAA/AUTHEN/CONT (760582369): continue_login (user='cisco')
4d02h: AAA/AUTHEN (760582369): status = GETPASS
4d02h: AAA/AUTHEN/CONT (760582369): Method=LOCAL
4d02h: AAA/AUTHEN (760582369): status = PASS
SW_SPARE#
4d02h: AAA/MEMORY: free_user (0x80CDCAEC) user='cisco' ruser=''
port='tty1' rem_addr='172.17.12.100' authen_type=ASCII service=LOGIN
priv=1
SW_SPARE#
4d02h: dot1x-registry:** dot1x_vp_statechange:
4d02h: dot1x-ev:vlan 20 vp is removed on the interface FastEthernet0/24
4d02h: dot1x-ev:Now Processing: 20 link DOWN for FastEthernet0/24,
accss_vlan = 20, oper_vlan = 20
4d02h: dot1x-registry:dot1x_port_modechange invoked on interface
FastEthernet0/24
4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
FastEthernet0/24
4d02h: dot1x-err:calling pm_idb_set_port_access_oper_vlanid with
vlan=12
4d02h: dot1x-ev:supp_info=80CD3594 txWhen_timer
SW_SPARE#=80CD35E4 quietWhile_timer=80CD35A4reAuthWhen_timer=80CD35C4
awhile_timer=80CD3604

4d02h: dot1x-ev:destroy supplicant block for 0000.0000.0000

4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
FastEthernet0/24
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from int
SW_SPARE#erface FastEthernet0/24
4d02h: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/24, changed state to down
4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
FastEthernet0/24
4d02h: dot1x-registry:dot1x_port_linkcomingup invoked on interface
FastEthernet0/24
4d02h: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface
FastEthernet0/24
4d02h: dot1x_auth Fa0/24: initial state auth_initialize has enter
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_initialize_enter cal
SW_SPARE#led
4d02h: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0

4d02h: dot1x_auth Fa0/24: during state auth_initialize, got event
0(cfg_auto)
4d02h: @@@ dot1x_auth Fa0/24: auth_initialize -> auth_disconnected
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_disconnected_enter_action
called
4d02h: dot1x-sm:
dot1x_update_port_status called with port_status =
DOT1X_PORT_STATUS_UNAUTHORIZED
4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
FastEthernet0/24
4d02h: dot1x-ev:do
SW_SPARE#t1x_update_port_status: Called with host_mode=0 state
UNAUTHORIZED

4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
send port to unauthorized on vlan 0

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest
vlan=0 on FastEthernet0/24

4d02h: dot1x-ev: GuestVlan configured=0

4d02h: dot1x-ev:supplicant 0000.0000.0000 is default

4d02h: dot1x-ev:supplicant 0000.0000.0000 is last

4d02h
SW_SPARE#: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:0000.0000.0000 is now unauthorized on port
FastEthernet0/24
4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
FastEthernet0/24
4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x_auth Fa0/24: idle during state auth_disconnected
4d02
SW_SPARE#h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_enter called
4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
enter
4d02h: dot1x-sm:Dot1x Initialize State Entered
4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
idle
4d02h: dot1x_bend Fa0/24: during state dot1x_bend_initialize, got
event 16383(idle)
4d02h: @@@ dot1x_bend Fa0/24: dot1x_bend_initialize -> dot1x_bend_idle
4d02h: dot1x-sm:D
SW_SPARE#ot1x Idle State Entered
4d02h: dot1x-ev:Created port supplicant block 0000.0000.0000
expected_id=0 current_id=0

4d02h: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at
memloc 80CD3594

4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
interface FastEthernet0/24
4d02h: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL

4d02h: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current
ID=1

4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEt
SW_SPARE#hernet0/24
4d02h: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
interface FastEthernet0/24
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
supplicant 0000.0000.0000

4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
4d02h: dot1x-packet:Tx EAP-Request(Id), id
SW_SPARE# 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
SW_SPARE#
4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
FastEthernet0/24
4d02h: dot1x-ev:supp_info=80CD3594 txWhen_timer=80CD35E4
quietWhile_timer=80CD35A4reAuthWhen_timer=80CD35C4
awhile_timer=80CD3604

4d02h: dot1x-ev:destroy supplicant block for 0000.0000.0000

4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:dot1x_port_
SW_SPARE#
SW_SPARE#
SW_SPARE#
SW_SPARE#
SW_SPARE#cleanup_author: cleanup author on interface FastEthernet0/24
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
interface FastEthernet0/24
4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
FastEthernet0/24
4d02h: dot1x-registry:dot1x_port_linkcomingup invoked on interface
FastEthernet0/24
4d02h: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface
FastEthernet0/24
4d02h: dot1x_auth Fa0/24: initial state auth_initialize has enter
4d02h: dot1x-sm:Fa0/24:0000
SW_SPARE#.0000.0000:auth_initialize_enter called
4d02h: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0

4d02h: dot1x_auth Fa0/24: during state auth_initialize, got event
0(cfg_auto)
4d02h: @@@ dot1x_auth Fa0/24: auth_initialize -> auth_disconnected
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_disconnected_enter_action
called
4d02h: dot1x-sm:
dot1x_update_port_status called with port_status =
DOT1X_PORT_STATUS_UNAUTHORIZED
4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
SW_SPARE#FastEthernet0/24
4d02h: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state
UNAUTHORIZED

4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
send port to unauthorized on vlan 0

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest
vlan=0 on FastEthernet0/24

4d02h: dot1x-ev: GuestVlan configured=0

4d02h: dot1x-ev:supplicant 0000.0000.0000 is default

4d02h: dot1x-ev:suppli
SW_SPARE#cant 0000.0000.0000 is last

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:0000.0000.0000 is now unauthorized on port
FastEthernet0/24
4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
FastEthernet0/24
4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x_auth Fa0/24: idle
SW_SPARE#during state auth_disconnected
4d02h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_enter called
4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
enter
4d02h: dot1x-sm:Dot1x Initialize State Entered
4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
idle
4d02h: dot1x_bend Fa0/24: during state dot1x_bend_initialize, got
event 16383(idle)
4d02h: @@@ dot1x_bend Fa0/24: dot1x_bend_initialize -
SW_SPARE#> dot1x_bend_idle
4d02h: dot1x-sm:Dot1x Idle State Entered
4d02h: dot1x-ev:Created port supplicant block 0000.0000.0000
expected_id=0 current_id=0

4d02h: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at
memloc 80CD3594

4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
interface FastEthernet0/24
4d02h: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL

4d02h: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current
ID=1

4d02h: dot1x-ev:T
SW_SPARE#ransmitting an EAPOL frame on FastEthernet0/24
4d02h: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
interface FastEthernet0/24
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
supplicant 0000.0000.0000

4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
4d02h:
SW_SPARE# dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
SW_SPARE#
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:dot1x_process_txWhen_expire
called
4d02h: dot1x_auth Fa0/24: during state auth_connecting, got event
18(txWhen_expire)
4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_connecting
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_connecting_action
called
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
supplicant 0000.0000.0000

4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
4d02h: dot1x-packet:Tx EAP-Request(Id), i
SW_SPARE#d 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
SW_SPARE#
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:dot1x_process_txWhen_expire
called
4d02h: dot1x_auth Fa0/24: during state auth_connecting, got event
18(txWhen_expire)
4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_connecting
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_connecting_action
called
4d02h: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000
reauth_count=3 exceeded DOT1X_DEFAULT_REAUTH_MAX

4d02h: dot1x-ev:Default and only instance. evaluation for guest vlan
move

4d02h:
SW_SPARE#dot1x_auth Fa0/24: during state auth_connecting, got event
7(authSuccess)
4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_authenticated
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_exit called
4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_authenticated_enter called
4d02h: dot1x-sm:
dot1x_update_port_status called with port_status =
DOT1X_PORT_STATUS_AUTHORIZED
4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
send port to authorized

4d02h: dot1x-ev:dot1x_update_port_
SW_SPARE#status: using mac 0000.0000.0000 to send port to authorized

4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
80CD3594

4d02h: dot1x-ev:dot1x_port_authorized:supplicant 0000.0000.0000 is
first, old vlan 1, new vlan 20
4d02h: dot1x-ev:dot1x_port_authorized: Host-mode=0 radius/guest vlan=20

4d02h: dot1x-ev: GuestVlan configured=1

4d02h: dot1x-registry:** dot1x_vp_statechange:
4d02h: dot1x-ev:vlan 20 vp is added on the interface FastEthernet0/24
4d02h: dot1x-registry:dot1x_port_
SW_SPARE#modechange invoked on interface FastEthernet0/24
4d02h: dot1x-ev:dot1x_port_authorized: clearing HA table from vlan 1

4d02h: dot1x-ev:dot1x_update_port_status:0000.0000.0000: Current ID=1

4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
4d02h: dot1x-packet:Tx EAP-Success, id 1, ver 1, len 4 (Fa0/24)
4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
4d02h: dot1x-ev:Found a supplicant block for mac
SW_SPARE# 0000.0000.0000 80CD3594

4d02h: dot1x-ev:0000.0000.0000 is now authorized on port
FastEthernet0/24
4d02h: dot1x-ev:Searching DHCP snooping binding table for
0000.0000.0000/20
4d02h: dot1x-ev:No binding found
4d02h: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/24, changed state to up
SW_SPARE#


Can you tell me what is going on here? I do not see any entries in my
IAS logs. What am I doing wrong?

PWM
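
Added example, not part of the original thread: in the debug above the switch repeats EAP-Request(Id) on Fa0/24, logs "reauth_count=3 exceeded DOT1X_DEFAULT_REAUTH_MAX", and then authorizes the port into VLAN 20 through the guest-VLAN path, and since an authenticator only sends a RADIUS request after the client answers the identity request, that is consistent with an empty IAS log. The Python below cleans up a capture like this (interleaved prompt, wrapped lines) and flags that fallback; the function names and the condensed sample are constructed here, and it matches only message strings that appear in the post.

```python
import re

# Condensed from the debug output in the post above; the line wraps and the
# interleaved "SW_SPARE#" prompt are kept on purpose to exercise the cleanup.
SAMPLE = """\
4d02h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
4d02h: dot1x-packet:Tx EAP-Request(Id), id
SW_SPARE# 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x_auth Fa0/24: during state auth_connecting, got event
18(txWhen_expire)
4d02h: dot1x-packet:Tx EAP-Request(Id), i
SW_SPARE#d 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000
reauth_count=3 exceeded DOT1X_DEFAULT_REAUTH_MAX
4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_authenticated
4d02h: dot1x-ev:dot1x_port_authorized: Host-mode=0 radius/guest vlan=20
"""

TS = re.compile(r"^\d+d\d+h:")  # uptime stamp that starts every debug message
TRANSITION = re.compile(r"@@@ dot1x_auth (\S+): (\w+) -> (\w+)")
VLAN = re.compile(r"radius/guest vlan=(\d+)")

def unwrap(raw, prompt="SW_SPARE#"):
    """Strip prompts echoed mid-message and rejoin wrapped lines."""
    msgs = []
    for line in ("\n" + raw).replace("\n" + prompt, "").splitlines():
        if TS.match(line):
            msgs.append(line.strip())
        elif line.strip() and msgs:
            msgs[-1] += " " + line.strip()  # continuation of a wrapped message
    return msgs

def analyse(raw):
    """Summarise one port's authenticator run and flag guest-VLAN fallback."""
    r = {"port": None, "id_requests": 0, "timeouts": 0,
         "retries_exhausted": False, "path": [], "vlan": None}
    for msg in unwrap(raw):
        r["id_requests"] += "Tx EAP-Request(Id)" in msg
        r["timeouts"] += bool(re.search(r"got event \d+\(txWhen_expire\)", msg))
        r["retries_exhausted"] |= "exceeded DOT1X_DEFAULT_REAUTH_MAX" in msg
        if (t := TRANSITION.search(msg)):
            r["port"] = t.group(1)
            r["path"].append((t.group(2), t.group(3)))
        if "dot1x_port_authorized" in msg and (v := VLAN.search(msg)):
            r["vlan"] = int(v.group(1))
    # Authorized straight from "connecting" after the retry limit: nobody answered.
    r["guest_vlan_fallback"] = (r["retries_exhausted"] and
                                ("auth_connecting", "auth_authenticated") in r["path"])
    return r
```

Calling analyse() on the full capture from the post gives the same verdict as on the condensed sample; a port that authenticates against RADIUS would not show the retry-limit message before reaching auth_authenticated.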

 