Cisco 802 config and MS IAS / Radius Server

Hello,

I configured a Cisco 3750 for RADIUS authentication for LAN access in combination with the MS IAS (RADIUS) server. The XP client has DHCP configured. The Windows Event Log says that access is granted, but the XP client fails to get an IP address. Are additional attributes on the IAS server necessary? Thanks for a tip!

Config of the IAS Server:

Service-Type: Framed
Tunnel-Medium-Type: 802
Tunnel-Pvt-Group-ID: 0x03
Tunnel-Type: Virtual LANs(VLAN)

Certificate is configured and selected on the Windows XP Client.

Config of the 3750:

...

aaa new-model
aaa authentication login local_authen local
aaa authentication dot1x default group radius
aaa authorization exec local_author local
aaa authorization network default group radius

...

interface FastEthernet1/0/24
 switchport access vlan 3
 switchport mode access
 switchport port-security
 dot1x pae authenticator
 dot1x port-control auto

...

radius-server host 192.168.0.1 auth-port 1812 acct-port 1646 key radius
radius-server source-ports 1645-1646

...

Windows Eventlog:

Benutzer "DOM\\USER_TEST" wurde Zugriff gewährt.
Vollqualifizierter Benutzername = DOM.test-it.de/Users/A_USER_TEST
NAS-IP-Adresse = 192.168.0.199
NAS-Kennung =
Clientanzeigename = 3750
Client-IP-Adresse = 192.168.0.199
Kennung der Anruferstation = [MAC address of the XP Client NIC]
NAS-Porttyp = Ethernet
NAS-Port = 50124
Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer verwenden
Authentifizierungsanbieter = Windows
Authentifizierungsserver =
Richtlinienname = 3750
Authentifizierungstyp = PEAP
EAP-Typ = Sicheres Kennwort (EAP-MSCHAP v2)

IAS Server Logfile:

192.168.0.199,DOM\\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,30,00-13-C3-CE-F2-9A,31,[MAC address of the XP Client NIC],5,50124,61,15,4,192.168.0.199,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung für alle Benutzer verwenden,4129,DOM\\USER_TEST,4149,3750,25,311 1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP v2),4127,11,4130,DOM.test-it.de/Users/A_USER_TEST,4136,1,4142,0

192.168.0.199,DOM\\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,25,311 1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP v2),4127,11,8100,0,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung für alle Benutzer verwenden,4129,DOM\\USER_TEST,4149,3750,6,2,65,6,81,0x03,64,13,4130,DOM.test-it.de/Users/A_USER_TEST,4120,0x0148,4136,2,4142,0

Georg Dingler
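
Added example, not part of the original post: a Python reader for the IAS-format log lines above, assuming the IAS layout of six header fields followed by attribute-ID,value pairs. It checks which VLAN tunnel attributes the Access-Accept record actually carried; the function names and the short attribute table are this example's own.

```python
# IAS-format log line: six fixed header fields, then attribute-ID,value pairs.
HEADER = ("NAS-IP-Address", "User-Name", "Record-Date", "Record-Time",
          "Service-Name", "Computer-Name")
# Subset of IDs used here: RADIUS attribute numbers plus IAS-specific 41xx IDs.
NAMES = {"6": "Service-Type", "64": "Tunnel-Type", "65": "Tunnel-Medium-Type",
         "81": "Tunnel-Pvt-Group-ID", "4136": "Packet-Type"}
ACCESS_ACCEPT = "2"  # IAS Packet-Type value for an Access-Accept

# Second record of the log in the post, with its wrapped lines rejoined.
ACCEPT = (
    r"192.168.0.199,DOM\\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,"
    "25,311 1 192.168.0.1 11/06/2006 16:54:04 264,"
    "4132,Sicheres Kennwort (EAP-MSCHAP v2),4127,11,8100,0,"
    "4108,192.168.0.199,4116,9,4155,1,"
    "4154,Windows-Authentifizierung für alle Benutzer verwenden,"
    r"4129,DOM\\USER_TEST,4149,3750,6,2,65,6,81,0x03,64,13,"
    "4130,DOM.test-it.de/Users/A_USER_TEST,4120,0x0148,4136,2,4142,0"
)

def parse_record(line):
    """Split one log line into (header dict, {attribute name or ID: [values]})."""
    fields = line.strip().split(",")
    header, rest = dict(zip(HEADER, fields[:6])), fields[6:]
    if len(fields) < 6 or len(rest) % 2:
        raise ValueError("not a header plus ID,value pairs (comma in a value?)")
    attrs = {}
    for attr_id, value in zip(rest[0::2], rest[1::2]):
        attrs.setdefault(NAMES.get(attr_id, attr_id), []).append(value)
    return header, attrs

def vlan_findings(line):
    """List problems with the VLAN tunnel attributes of an Access-Accept."""
    _, attrs = parse_record(line)
    if attrs.get("Packet-Type") != [ACCESS_ACCEPT]:
        return ["not an Access-Accept record"]
    findings = []
    # RFC 3580 VLAN assignment: Tunnel-Type 13 (VLAN), Tunnel-Medium-Type 6 (802).
    for name, want in (("Tunnel-Type", "13"), ("Tunnel-Medium-Type", "6")):
        if attrs.get(name) != [want]:
            findings.append(f"{name} is {attrs.get(name)}, expected {want}")
    group = attrs.get("Tunnel-Pvt-Group-ID", [None])[0]
    if group is None:
        findings.append("Tunnel-Pvt-Group-ID missing")
    elif group.startswith("0x"):
        # RFC 3580 carries the VLAN ID as a text string, e.g. "3".
        findings.append(f"Tunnel-Pvt-Group-ID logged as hex octets {group}, not text")
    return findings
```

Calling vlan_findings(ACCEPT) on the record from the post returns a single finding, for the Tunnel-Pvt-Group-ID value 0x03.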