Cisco 802 config and MS IAS / Radius Server

Discussion in 'Cisco' started by Georg Dingler, Nov 8, 2006.

  1. Hello,

    I configured a Cisco 3750 for Radius Authentification for LAN Access in
    combination with the MS IAS (Radius) Server. The XP Client has DHCP
    configured. The Windows Eventlog tells that Access is granted, but the
    XP Client fails to get an IP address. Are additional attributes on the
    IAS Server necessary ? Thanks for a tip !

    Config of the IAS Server:

    Service-Type: Framed
    Tunnel-Medium-Type: 802
    Tunnel-Pvt-Group-ID: 0x03
    Tunnel-Type: Virtual LANs(VLAN)

    Certificate is configured and selected on the Windows XP Client.

    Config of the 3750:


    aaa new-model
    aaa authentication login local_authen local
    aaa authentication dot1x default group radius
    aaa authorization exec local_author local
    aaa authorization network default group radius


    interface FastEthernet1/0/24
    switchport access vlan 3
    switchport mode access
    switchport port-security
    dot1x pae authenticator
    dot1x port-control auto


    radius-server host auth-port 1812 acct-port 1646 key radius
    radius-server source-ports 1645-1646


    Windows Eventlog:

    Benutzer "DOM\USER_TEST" wurde Zugriff gewährt.
    Vollqualifizierter Benutzername =
    NAS-IP-Adresse =
    NAS-Kennung = <nicht vorhanden>
    Clientanzeigename = 3750
    Client-IP-Adresse =
    Kennung der Anruferstation = [MAC address of the XP Client NIC]
    NAS-Porttyp = Ethernet
    NAS-Port = 50124
    Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer
    Authentifizierungsanbieter = Windows
    Authentifizierungsserver = <unbestimmt>
    Richtlinienname = 3750
    Authentifizierungstyp = PEAP
    EAP-Typ = Sicheres Kennwort (EAP-MSCHAP v2)

    IAS Server Logfile:,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,30,00-13-C3-CE-F2-9A,31,[MAC

    address of the XP Client

    für alle Benutzer verwenden,4129,DOM\USER_TEST,4149,3750,25,311 1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP
    1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP

    für alle Benutzer
    Georg Dingler, Nov 8, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.