Setting up 802.1x authentication with Cisco 2950 and Microsoft IAS

Discussion in 'Cisco' started by wisdom1999@gmail.com, Jan 27, 2006.

  1. Guest

    I have a project to stop rogue users from plugging onto my network. I
    have seen where Cisco switches can do port authentication with a RADIUS
    server. I would like to set up an IAS server on Win2k3 as my RADIUS
    server. Can anyone provide me with configuration guides to configure
    the switch as well as the IAS server? I would really appreciate the
    assistance.

    PWM
     
    , Jan 27, 2006
    #1

  2. Guest

    , Jan 27, 2006
    #2

  3. Guest

    Thanks for your reply. I tried it but I think that I am still doing
    something wrong.

    Here is a copy of the debug I did on my 802.1x:
    SW_SPARE>en
    Password:
    4d02h: AAA: parse name=tty0 idb type=-1 tty=-1
    4d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0
    channel=0
    4d02h: AAA/MEMORY: create_user (0x80CC7D30) user='' ruser=''
    port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
    4d02h: AAA/AUTHEN/START (1449486165): port='tty0' list='' action=LOGIN
    service=LOGIN
    4d02h: AAA/AUTHEN/START (1449486165): console login - default to "no
    auth required"
    4d02h: AAA/AUTHEN/START (1449486165): Method=NONE
    4d02h: AAA/AUTHEN (1449486165): status = PASS
    4d02h: AAA: parse name=tty0 idb type=-1 tty=-1
    4d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0
    channel=0
    4d02h: AAA/MEMORY: create_user (0x80CCFC34) user='' ruser=''
    port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
    4d02h: AAA/AUTHEN/START (3877385355): port='tty0' list='' action=LOGIN
    service=ENABLE
    4d02h: AAA/AUTHEN/START (3877385355): console enable - default to
    enable password (if any)
    4d02h: AAA/AUTHEN/START (3877385355): Method=ENABLE
    4d02h: AAA/AUTHEN (3877385355): status = GETPASS
    SW_SPARE#
    4d02h: AAA/AUTHEN/CONT (3877385355): continue_login (user='(undef)')
    4d02h: AAA/AUTHEN (3877385355): status = GETPASS
    4d02h: AAA/AUTHEN/CONT (3877385355): Method=ENABLE
    4d02h: AAA/AUTHEN (3877385355): status = PASS
    4d02h: AAA/MEMORY: free_user (0x80CCFC34) user='' ruser='' port='tty0'
    rem_addr='async' authen_type=ASCII service=ENABLE priv=15
    SW_SPARE#
    4d02h: AAA: parse name=tty1 idb type=-1 tty=-1
    4d02h: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1
    channel=0
    4d02h: AAA/MEMORY: create_user (0x80CDCAEC) user='' ruser=''
    port='tty1' rem_addr='172.17.12.100' authen_type=ASCII service=LOGIN
    priv=1
    4d02h: AAA/AUTHEN/START (760582369): port='tty1' list='' action=LOGIN
    service=LOGIN
    4d02h: AAA/AUTHEN/START (760582369): non console login - defaults to
    local database
    4d02h: AAA/AUTHEN/START (760582369): Method=LOCAL
    4d02h: AAA/AUTHEN (
    SW_SPARE#760582369): status = GETUSER
    SW_SPARE#
    4d02h: AAA/AUTHEN/CONT (760582369): continue_login (user='(undef)')
    4d02h: AAA/AUTHEN (760582369): status = GETUSER
    4d02h: AAA/AUTHEN/CONT (760582369): Method=LOCAL
    4d02h: AAA/AUTHEN (760582369): status = GETPASS
    SW_SPARE#
    4d02h: AAA/AUTHEN/CONT (760582369): continue_login (user='cisco')
    4d02h: AAA/AUTHEN (760582369): status = GETPASS
    4d02h: AAA/AUTHEN/CONT (760582369): Method=LOCAL
    4d02h: AAA/AUTHEN (760582369): status = PASS
    SW_SPARE#
    4d02h: AAA/MEMORY: free_user (0x80CDCAEC) user='cisco' ruser=''
    port='tty1' rem_addr='172.17.12.100' authen_type=ASCII service=LOGIN
    priv=1
    SW_SPARE#
    4d02h: dot1x-registry:** dot1x_vp_statechange:
    4d02h: dot1x-ev:vlan 20 vp is removed on the interface FastEthernet0/24
    4d02h: dot1x-ev:Now Processing: 20 link DOWN for FastEthernet0/24,
    accss_vlan = 20, oper_vlan = 20
    4d02h: dot1x-registry:dot1x_port_modechange invoked on interface
    FastEthernet0/24
    4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
    FastEthernet0/24
    4d02h: dot1x-err:calling pm_idb_set_port_access_oper_vlanid with
    vlan=12
    4d02h: dot1x-ev:supp_info=80CD3594 txWhen_timer
    SW_SPARE#=80CD35E4 quietWhile_timer=80CD35A4reAuthWhen_timer=80CD35C4
    awhile_timer=80CD3604

    4d02h: dot1x-ev:destroy supplicant block for 0000.0000.0000

    4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
    FastEthernet0/24
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from int
    SW_SPARE#erface FastEthernet0/24
    4d02h: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    FastEthernet0/24, changed state to down
    4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
    FastEthernet0/24
    4d02h: dot1x-registry:dot1x_port_linkcomingup invoked on interface
    FastEthernet0/24
    4d02h: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface
    FastEthernet0/24
    4d02h: dot1x_auth Fa0/24: initial state auth_initialize has enter
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_initialize_enter cal
    SW_SPARE#led
    4d02h: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0

    4d02h: dot1x_auth Fa0/24: during state auth_initialize, got event
    0(cfg_auto)
    4d02h: @@@ dot1x_auth Fa0/24: auth_initialize -> auth_disconnected
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_disconnected_enter_action
    called
    4d02h: dot1x-sm:
    dot1x_update_port_status called with port_status =
    DOT1X_PORT_STATUS_UNAUTHORIZED
    4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
    FastEthernet0/24
    4d02h: dot1x-ev:do
    SW_SPARE#t1x_update_port_status: Called with host_mode=0 state
    UNAUTHORIZED

    4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
    send port to unauthorized on vlan 0

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest
    vlan=0 on FastEthernet0/24

    4d02h: dot1x-ev: GuestVlan configured=0

    4d02h: dot1x-ev:supplicant 0000.0000.0000 is default

    4d02h: dot1x-ev:supplicant 0000.0000.0000 is last

    4d02h
    SW_SPARE#: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:0000.0000.0000 is now unauthorized on port
    FastEthernet0/24
    4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
    FastEthernet0/24
    4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x_auth Fa0/24: idle during state auth_disconnected
    4d02
    SW_SPARE#h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_enter called
    4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
    enter
    4d02h: dot1x-sm:Dot1x Initialize State Entered
    4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
    idle
    4d02h: dot1x_bend Fa0/24: during state dot1x_bend_initialize, got
    event 16383(idle)
    4d02h: @@@ dot1x_bend Fa0/24: dot1x_bend_initialize -> dot1x_bend_idle
    4d02h: dot1x-sm:D
    SW_SPARE#ot1x Idle State Entered
    4d02h: dot1x-ev:Created port supplicant block 0000.0000.0000
    expected_id=0 current_id=0

    4d02h: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at
    memloc 80CD3594

    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
    interface FastEthernet0/24
    4d02h: dot1x-ev:
    dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL

    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current
    ID=1

    4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEt
    SW_SPARE#hernet0/24
    4d02h: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
    interface FastEthernet0/24
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
    supplicant 0000.0000.0000

    4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
    4d02h: dot1x-packet:Tx EAP-Request(Id), id
    SW_SPARE# 1, ver 1, len 5 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
    FastEthernet0/24
    4d02h: dot1x-ev:supp_info=80CD3594 txWhen_timer=80CD35E4
    quietWhile_timer=80CD35A4reAuthWhen_timer=80CD35C4
    awhile_timer=80CD3604

    4d02h: dot1x-ev:destroy supplicant block for 0000.0000.0000

    4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:dot1x_port_
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#
    SW_SPARE#cleanup_author: cleanup author on interface FastEthernet0/24
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
    interface FastEthernet0/24
    4d02h: dot1x-registry:dot1x_port_linkchange invoked on interface
    FastEthernet0/24
    4d02h: dot1x-registry:dot1x_port_linkcomingup invoked on interface
    FastEthernet0/24
    4d02h: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface
    FastEthernet0/24
    4d02h: dot1x_auth Fa0/24: initial state auth_initialize has enter
    4d02h: dot1x-sm:Fa0/24:0000
    SW_SPARE#.0000.0000:auth_initialize_enter called
    4d02h: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0

    4d02h: dot1x_auth Fa0/24: during state auth_initialize, got event
    0(cfg_auto)
    4d02h: @@@ dot1x_auth Fa0/24: auth_initialize -> auth_disconnected
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_disconnected_enter_action
    called
    4d02h: dot1x-sm:
    dot1x_update_port_status called with port_status =
    DOT1X_PORT_STATUS_UNAUTHORIZED
    4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
    SW_SPARE#FastEthernet0/24
    4d02h: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state
    UNAUTHORIZED

    4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
    send port to unauthorized on vlan 0

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest
    vlan=0 on FastEthernet0/24

    4d02h: dot1x-ev: GuestVlan configured=0

    4d02h: dot1x-ev:supplicant 0000.0000.0000 is default

    4d02h: dot1x-ev:suppli
    SW_SPARE#cant 0000.0000.0000 is last

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:0000.0000.0000 is now unauthorized on port
    FastEthernet0/24
    4d02h: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface
    FastEthernet0/24
    4d02h: dot1x-ev:Enter function dot1x_aaa_acct_end
    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x_auth Fa0/24: idle
    SW_SPARE#during state auth_disconnected
    4d02h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_enter called
    4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
    enter
    4d02h: dot1x-sm:Dot1x Initialize State Entered
    4d02h: dot1x_bend Fa0/24: initial state dot1x_bend_initialize has
    idle
    4d02h: dot1x_bend Fa0/24: during state dot1x_bend_initialize, got
    event 16383(idle)
    4d02h: @@@ dot1x_bend Fa0/24: dot1x_bend_initialize -
    SW_SPARE#> dot1x_bend_idle
    4d02h: dot1x-sm:Dot1x Idle State Entered
    4d02h: dot1x-ev:Created port supplicant block 0000.0000.0000
    expected_id=0 current_id=0

    4d02h: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at
    memloc 80CD3594

    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
    interface FastEthernet0/24
    4d02h: dot1x-ev:
    dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL

    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current
    ID=1

    4d02h: dot1x-ev:T
    SW_SPARE#ransmitting an EAPOL frame on FastEthernet0/24
    4d02h: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from
    interface FastEthernet0/24
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
    supplicant 0000.0000.0000

    4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
    4d02h:
    SW_SPARE# dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    SW_SPARE#
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:dot1x_process_txWhen_expire
    called
    4d02h: dot1x_auth Fa0/24: during state auth_connecting, got event
    18(txWhen_expire)
    4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_connecting
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_connecting_action
    called
    4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for
    supplicant 0000.0000.0000

    4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
    4d02h: dot1x-packet:Tx EAP-Request(Id), i
    SW_SPARE#d 1, ver 1, len 5 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    SW_SPARE#
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:dot1x_process_txWhen_expire
    called
    4d02h: dot1x_auth Fa0/24: during state auth_connecting, got event
    18(txWhen_expire)
    4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_connecting
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_connecting_action
    called
    4d02h: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000
    reauth_count=3 exceeded DOT1X_DEFAULT_REAUTH_MAX

    4d02h: dot1x-ev:Default and only instance. evaluation for guest vlan
    move

    4d02h:
    SW_SPARE#dot1x_auth Fa0/24: during state auth_connecting, got event
    7(authSuccess)
    4d02h: @@@ dot1x_auth Fa0/24: auth_connecting -> auth_authenticated
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_connecting_exit alled
    4d02h: dot1x-sm:Fa0/24:0000.0000.0000:auth_authenticated_enter called
    4d02h: dot1x-sm:
    dot1x_update_port_status called with port_status =
    DOT1X_PORT_STATUS_AUTHORIZED
    4d02h: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to
    send port to authorized

    4d02h: dot1x-ev:dot1x_update_port_
    SW_SPARE#status: using mac 0000.0000.0000 to send port to authorized

    4d02h: dot1x-ev:Found a supplicant block for mac 0000.0000.0000
    80CD3594

    4d02h: dot1x-ev:dot1x_port_authorized:supplicant 0000.0000.0000 is
    first, old vlan 1, new vlan 20
    4d02h: dot1x-ev:dot1x_port_authorized: Host-mode=0 radius/guest vlan=20

    4d02h: dot1x-ev: GuestVlan configured=1

    4d02h: dot1x-registry:** dot1x_vp_statechange:
    4d02h: dot1x-ev:vlan 20 vp is added on the interface FastEthernet0/24
    4d02h: dot1x-registry:dot1x_port_
    SW_SPARE#modechange invoked on interface FastEthernet0/24
    4d02h: dot1x-ev:dot1x_port_authorized: clearing HA table from vlan 1

    4d02h: dot1x-ev:dot1x_update_port_status:0000.0000.0000: Current ID=1

    4d02h: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/24
    4d02h: dot1x-packet:Tx EAP-Success, id 1, ver 1, len 4 (Fa0/24)
    4d02h: dot1x-registry:registry:dot1x_ether_macaddr called
    4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
    (Fa0/24)
    4d02h: dot1x-ev:Found a supplicant block for mac
    SW_SPARE# 0000.0000.0000 80CD3594

    4d02h: dot1x-ev:0000.0000.0000 is now authorized on port
    FastEthernet0/24
    4d02h: dot1x-ev:Searching DHCP snooping binding table for
    0000.0000.0000/20
    4d02h: dot1x-ev:No binding found
    4d02h: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    FastEthernet0/24, changed state to up
    SW_SPARE#


    Can you tell me what is going on here? I do not see any entries in my
    IAS logs. What am I doing wrong?

    PWM
     
    , Jan 27, 2006
    #3
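
Added example, not part of the thread or of any poster's reply: a small Python parser for the kind of `debug dot1x` capture posted above. It removes the console prompts echoed into the middle of records, rejoins wrapped lines, and reports whether a port was authorized through the guest-VLAN path without any frame from a supplicant. The sample text is constructed from the pattern of the capture; the `4d02h:` uptime-timestamp format and the rule that received frames would show up as non-`Tx` `dot1x-packet` records are assumptions.

```python
import re

PROMPT = "SW_SPARE#"  # console prompt as it appears in the thread's capture

# Constructed sample, abridged from the pattern of the debug output above,
# including prompts that the console echoed into the middle of a record.
SAMPLE = """\
4d02h: @@@ dot1x_auth Fa0/24: auth_disconnected -> auth_connecting
4d02h: dot1x-packet:Tx EAP-Request(Id), id
SW_SPARE# 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-packet:Tx sa=0014.695e.d598, da=0180.c200.0003, et 888E
(Fa0/24)
SW_SPARE#
4d02h: dot1x-packet:Tx EAP-Request(Id), i
SW_SPARE#d 1, ver 1, len 5 (Fa0/24)
4d02h: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000
reauth_count=3 exceeded DOT1X_DEFAULT_REAUTH_MAX
4d02h: dot1x-ev:Default and only instance. evaluation for guest vlan
move
4d02h:
SW_SPARE#dot1x_auth Fa0/24: during state auth_connecting, got event
7(authSuccess)
4d02h: dot1x-ev:dot1x_port_authorized: Host-mode=0 radius/guest vlan=20
4d02h: dot1x-packet:Tx EAP-Success, id 1, ver 1, len 4 (Fa0/24)
"""

def records(raw, prompt=PROMPT):
    """Strip interleaved prompts, then return one whitespace-normalized
    string per debug record (records are delimited by uptime timestamps)."""
    flat = re.sub(r"\s*" + re.escape(prompt), "", raw)
    parts = re.split(r"\b\d+d\d+h:", flat)  # assumed timestamp format
    return [" ".join(p.split()) for p in parts if p.strip()]

def summarize(raw):
    recs = records(raw)
    pkts = [r.split(":", 1)[1].strip() for r in recs
            if r.startswith("dot1x-packet:")]
    tx_identity = sum(p.startswith("Tx EAP-Request(Id)") for p in pkts)
    # Assumption: a frame received from a supplicant is logged as a
    # dot1x-packet record that does not start with "Tx".
    from_supplicant = [p for p in pkts if not p.startswith("Tx ")]
    exhausted = any("exceeded DOT1X_DEFAULT_REAUTH_MAX" in r for r in recs)
    guest_eval = any("evaluation for guest vlan move" in r for r in recs)
    vlan = None
    for r in recs:
        m = re.search(r"dot1x_port_authorized: .*radius/guest vlan=(\d+)", r)
        if m:
            vlan = int(m.group(1))
    fallback = (tx_identity > 0 and not from_supplicant and exhausted
                and guest_eval and vlan is not None)
    return {"tx_identity_requests": tx_identity,
            "frames_from_supplicant": len(from_supplicant),
            "retries_exhausted": exhausted,
            "authorized_vlan": vlan,
            "guest_vlan_fallback": fallback}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The capture in the thread follows the same pattern: only `Tx` frames, `reauth_count=3 exceeded`, then authorization into VLAN 20. A port authorized this way never produced an EAP response for the switch to relay, so nothing reaches the RADIUS server, and a device without a supplicant still gets whatever access the guest VLAN allows.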