Cisco 802 config and MS IAS / Radius Server

Discussion in 'Cisco' started by Georg Dingler, Nov 8, 2006.

  1. Hello,

    I configured a Cisco 3750 for Radius authentication for LAN Access in
    combination with the MS IAS (Radius) Server. The XP Client has DHCP
    configured. The Windows Eventlog says that access is granted, but the
    XP Client fails to get an IP address. Are additional attributes on the
    IAS Server necessary? Thanks for a tip!

    Config of the IAS Server:

    Service-Type: Framed
    Tunnel-Medium-Type: 802
    Tunnel-Pvt-Group-ID: 0x03
    Tunnel-Type: Virtual LANs(VLAN)

    Certificate is configured and selected on the Windows XP Client.

    Config of the 3750:

    ....

    aaa new-model
    aaa authentication login local_authen local
    aaa authentication dot1x default group radius
    aaa authorization exec local_author local
    aaa authorization network default group radius

    ....

    interface FastEthernet1/0/24
    switchport access vlan 3
    switchport mode access
    switchport port-security
    dot1x pae authenticator
    dot1x port-control auto

    ....

    radius-server host 192.168.0.1 auth-port 1812 acct-port 1646 key radius
    radius-server source-ports 1645-1646

    ....

    Windows Eventlog:

    Benutzer "DOM\USER_TEST" wurde Zugriff gewährt.
    Vollqualifizierter Benutzername = DOM.test-it.de/Users/A_USER_TEST
    NAS-IP-Adresse = 192.168.0.199
    NAS-Kennung = <nicht vorhanden>
    Clientanzeigename = 3750
    Client-IP-Adresse = 192.168.0.199
    Kennung der Anruferstation = [MAC address of the XP Client NIC]
    NAS-Porttyp = Ethernet
    NAS-Port = 50124
    Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer
    verwenden
    Authentifizierungsanbieter = Windows
    Authentifizierungsserver = <unbestimmt>
    Richtlinienname = 3750
    Authentifizierungstyp = PEAP
    EAP-Typ = Sicheres Kennwort (EAP-MSCHAP v2)

    IAS Server Logfile:

    192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,30,00-13-C3-CE-F2-9A,31,[MAC address of the XP Client NIC],5,50124,61,15,4,192.168.0.199,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung für alle Benutzer verwenden,4129,DOM\USER_TEST,4149,3750,25,311 1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP v2),4127,11,4130,DOM.test-it.de/Users/A_USER_TEST,4136,1,4142,0
    192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,25,311 1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP v2),4127,11,8100,0,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung für alle Benutzer verwenden,4129,DOM\USER_TEST,4149,3750,6,2,65,6,81,0x03,64,13,4130,DOM.test-it.de/Users/A_USER_TEST,4120,0x0148,4136,2,4142,0

    --
    Georg
    www.dingler-it.de
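Added example, not part of the original post: a small parser for IAS-format log records like the two above, which pulls out the packet type and the RFC 3580 VLAN tunnel attributes so you can see what the Access-Accept actually carried. It assumes no field contains a comma, treats 4136 and 4142 as the IAS-specific Packet-Type and Reason-Code IDs, and uses sample records trimmed from the post's log; the function names are illustrative.

```python
# Attribute IDs: standard RADIUS numbers plus two IAS-specific ones (assumed mapping).
NAMES = {"6": "Service-Type", "64": "Tunnel-Type", "65": "Tunnel-Medium-Type",
         "81": "Tunnel-Pvt-Group-ID", "4136": "Packet-Type", "4142": "Reason-Code"}
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject"}

# Records trimmed from the two log lines in the post (long name fields dropped).
SAMPLE_LOG = [
    r"192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,5,50124,61,15,4127,11,4136,1,4142,0",
    r"192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,4127,11,6,2,65,6,81,0x03,64,13,4136,2,4142,0",
]

def parse_record(line):
    """Split one IAS-format record into its six header fields and attribute pairs."""
    fields = line.strip().split(",")
    header, rest = fields[:6], fields[6:]
    if len(header) < 6 or len(rest) % 2:
        raise ValueError("not an IAS-format record: bad header or odd attribute count")
    attrs = dict(zip(rest[0::2], rest[1::2]))
    return {"nas_ip": header[0], "user": header[1], "attrs": attrs,
            "packet_type": PACKET_TYPES.get(attrs.get("4136"), "unknown")}

def vlan_assignment(record):
    """Return the VLAN attributes of an Access-Accept, or None for other packets."""
    if record["packet_type"] != "Access-Accept":
        return None
    a = record["attrs"]
    found = {NAMES[k]: a.get(k) for k in ("64", "65", "81")}
    group_id = found["Tunnel-Pvt-Group-ID"]
    # RFC 3580: Tunnel-Type 13 (VLAN), Tunnel-Medium-Type 6 (802), and the
    # VLAN ID carried in Tunnel-Private-Group-ID encoded as a string.
    found["rfc3580_types_ok"] = a.get("64") == "13" and a.get("65") == "6"
    found["group_id_is_decimal_string"] = bool(group_id) and group_id.isdigit()
    return found

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_record(line)
        print(rec["packet_type"], rec["user"], vlan_assignment(rec))
```

The check works on the value as the log prints it: for the Access-Accept above it reports Tunnel-Pvt-Group-ID as `0x03`, which is not a plain decimal string.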