
Interoperability with RADIUS clients & servers

RADIUS MAC authentication with Cisco APs, DHCP

cqd123
Posts: 2
22.01.2011
Hi,

I am in the process of rebuilding a wi-fi network consisting of about 60 users, who currently are statically assigned in the router with MAC authentication and WPA2 encryption. It is kind of a nightmare managing the network, as right now any changes have to be manually entered into each computer. I am working on setting up a RADIUS server, have TekRADIUS LT installed and running, and I am having some trouble getting everything finalized. The APs are Cisco WAP4410N type access points, which do not have a router built in, so my core router is handling all the work of authenticating users. Due to the manual IP assignment by MAC address, I can't really subnet the network as we would have to reconfigure each user's entry in the router and they would have to change their wireless config every time they moved to another subnet, which is why I am trying for DHCP with RADIUS handling the authentication by MAC.
I have tried setting up the access points, and everything seems correct, although I am not able to connect. When I connect to the AP, the connection fails. Wireshark seems to show the request going through and a response, but something is missing in the setup. I have input all the APs into the clients tab, and the MAC addresses of each computer into the users tab with the Calling-Station-ID set to check the MAC address.
Here is a section of the capture

No. Time Source Destination Protocol Info
425 1405.662905 192.168.1.15 192.168.1.150 RADIUS Access-Request(1) (id=0, l=149)
Frame 425: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits)
Arrival Time: Jan 22, 2011 13:58:54.476334000 Afghanistan Standard Time
Epoch Time: 1295688534.476334000 seconds
[Time delta from previous captured frame: 12.235296000 seconds]
[Time delta from previous displayed frame: 12.235296000 seconds]
[Time since reference or first frame: 1405.662905000 seconds]
Frame Number: 425
Frame Length: 191 bytes (1528 bits)
Capture Length: 191 bytes (1528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:radius]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_9f:80:5e (68:ef:bd:9f:80:5e), Dst: Dell_1f:ac:8c (00:18:8b:1f:ac:8c)
Internet Protocol, Src: 192.168.1.15 (192.168.1.15), Dst: 192.168.1.150 (192.168.1.150)
User Datagram Protocol, Src Port: teleniumdaemon (2060), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x0 (0)
Length: 149
Authenticator: a4fe32009b1783685f82f42f0a5d8c25
Attribute Value Pairs
AVP: l=14 t=User-Name(1): 00215dc4f2b8
User-Name: 00215dc4f2b8
AVP: l=18 t=User-Password(2): Encrypted
User-Password: s\250\3103\213\213\017\0170\325\271-\365)Z\202
AVP: l=6 t=NAS-IP-Address(4): 192.168.1.15
NAS-IP-Address: 192.168.1.15 (192.168.1.15)
AVP: l=24 t=Called-Station-Id(30): 68-EF-BD-9F-80-5F:CMOC
Called-Station-Id: 68-EF-BD-9F-80-5F:CMOC
AVP: l=19 t=Calling-Station-Id(31): 00-21-5D-C4-F2-B8
Calling-Station-Id: 00-21-5D-C4-F2-B8
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
NAS-Port-Type: Wireless-802.11 (19)
AVP: l=24 t=Connect-Info(77): CONNECT 11Mbps 802.11b
Connect-Info: CONNECT 11Mbps 802.11b
AVP: l=18 t=Message-Authenticator(80): 10e65b3fb49dcf7171deee03220223e8
Message-Authenticator: 10e65b3fb49dcf7171deee03220223e8
No. Time Source Destination Protocol Info
426 1408.664022 192.168.1.15 192.168.1.150 RADIUS Access-Request(1) (id=0, l=149), Duplicate Request ID:0
Frame 426: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits)
Arrival Time: Jan 22, 2011 13:58:57.477451000 Afghanistan Standard Time
Epoch Time: 1295688537.477451000 seconds
[Time delta from previous captured frame: 3.001117000 seconds]
[Time delta from previous displayed frame: 3.001117000 seconds]
[Time since reference or first frame: 1408.664022000 seconds]
Frame Number: 426
Frame Length: 191 bytes (1528 bits)
Capture Length: 191 bytes (1528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:radius]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_9f:80:5e (68:ef:bd:9f:80:5e), Dst: Dell_1f:ac:8c (00:18:8b:1f:ac:8c)
Internet Protocol, Src: 192.168.1.15 (192.168.1.15), Dst: 192.168.1.150 (192.168.1.150)
User Datagram Protocol, Src Port: teleniumdaemon (2060), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x0 (0)
Length: 149
Authenticator: a4fe32009b1783685f82f42f0a5d8c25
[Duplicate Request: 0]
Attribute Value Pairs
AVP: l=14 t=User-Name(1): 00215dc4f2b8
User-Name: 00215dc4f2b8
AVP: l=18 t=User-Password(2): Encrypted
User-Password: s\250\3103\213\213\017\0170\325\271-\365)Z\202
AVP: l=6 t=NAS-IP-Address(4): 192.168.1.15
NAS-IP-Address: 192.168.1.15 (192.168.1.15)
AVP: l=24 t=Called-Station-Id(30): 68-EF-BD-9F-80-5F:CMOC
Called-Station-Id: 68-EF-BD-9F-80-5F:CMOC
AVP: l=19 t=Calling-Station-Id(31): 00-21-5D-C4-F2-B8
Calling-Station-Id: 00-21-5D-C4-F2-B8
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
NAS-Port-Type: Wireless-802.11 (19)
AVP: l=24 t=Connect-Info(77): CONNECT 11Mbps 802.11b
Connect-Info: CONNECT 11Mbps 802.11b
AVP: l=18 t=Message-Authenticator(80): 10e65b3fb49dcf7171deee03220223e8
Message-Authenticator: 10e65b3fb49dcf7171deee03220223e8

Any help would be greatly appreciated.

Thanks
0 link
Admin
Administrator
Posts: 4992
22.01.2011
Hi,

Can you send me TekRADIUS log after setting log level to debug at settings / service parameters?

Best regards,

Yasin KAPLAN
0 link
cqd123
Posts: 2
23.01.2011
Here is the text from the log file you requested relating to the topic I posted about using MAC authentication with Cisco APs


1/22/2011 4:37:46 PM - TekRADIUS LT Service 4.1.0.0 is being started (Microsoft Windows NT 6.0.6001 Service Pack 1).
1/22/2011 4:37:49 PM - TekRADIUS LT Service is listening on : 192.168.1.150 (10 client(s))
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:37:56 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:37:56 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:37:56 PM - Check items control - Start (Group : Default).
1/22/2011 4:37:56 PM - Check items control - Stop (Group : Default).
1/22/2011 4:37:56 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:37:59 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:37:59 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:37:59 PM - Check items control - Start (Group : Default).
1/22/2011 4:37:59 PM - Check items control - Stop (Group : Default).
1/22/2011 4:37:59 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:38:05 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:38:05 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:38:05 PM - Check items control - Start (Group : Default).
1/22/2011 4:38:05 PM - Check items control - Stop (Group : Default).
1/22/2011 4:38:05 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:38:17 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:38:17 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:38:17 PM - Check items control - Start (Group : Default).
1/22/2011 4:38:17 PM - Check items control - Stop (Group : Default).
1/22/2011 4:38:17 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:38:34 PM
Size : 149 / 149
Identifier : 1
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:38:34 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:38:34 PM - Check items control - Start (Group : Default).
1/22/2011 4:38:34 PM - Check items control - Stop (Group : Default).
1/22/2011 4:38:34 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:38:41 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:38:41 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:38:41 PM - Check items control - Start (Group : Default).
1/22/2011 4:38:41 PM - Check items control - Stop (Group : Default).
1/22/2011 4:38:41 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:39:29 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:39:29 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:39:29 PM - Check items control - Start (Group : Default).
1/22/2011 4:39:29 PM - Check items control - Stop (Group : Default).
1/22/2011 4:39:29 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:39:44 PM
Size : 149 / 149
Identifier : 0
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:39:44 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:39:44 PM - Check items control - Start (Group : Default).
1/22/2011 4:39:44 PM - Check items control - Stop (Group : Default).
1/22/2011 4:39:44 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:40:34 PM
Size : 149 / 149
Identifier : 1
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:40:34 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:40:34 PM - Check items control - Start (Group : Default).
1/22/2011 4:40:34 PM - Check items control - Stop (Group : Default).
1/22/2011 4:40:34 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:41:05 PM
Size : 149 / 149
Identifier : 2
Attributes :
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:41:05 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:41:05 PM - Check items control - Start (Group : Default).
1/22/2011 4:41:05 PM - Check items control - Stop (Group : Default).
1/22/2011 4:41:05 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
NAS-Port-Type = 19
Called-Station-Id = 68-EF-BD-9F-80-5F:CMOC
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8


Thanks
0 link
Admin
Administrator
Posts: 4992
24.01.2011
Hi,

I think you've set Calling-Station-Id as authentication key. You can leave default settings in your case.
Can you send me the user profile for 00-21-5D-C4-F2-B8? Have you configured any attribute in Default user group?
0 link
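
An added example (not part of the thread and not TekRADIUS code): a small Python parser for the debug-log layout posted above. It reports which request attribute matches the name the server logged as the authentication user, and whether User-Name and Calling-Station-Id carry the same MAC in different spellings. The sample log is trimmed from the post; the function and field names are assumptions made for this example.

```python
import re

# Constructed sample: one request trimmed from the debug log posted above.
SAMPLE_LOG = """\
RadAuth req. from : 192.168.1.15:2049 - 1/22/2011 4:37:56 PM
Size : 149 / 149
Identifier : 2
Attributes :
Calling-Station-Id = 00-21-5D-C4-F2-B8
NAS-IP-Address = 192.168.1.15
User-Name = 00215dc4f2b8
1/22/2011 4:37:56 PM - PAP Authentication commencing for user '00-21-5D-C4-F2-B8'
1/22/2011 4:37:56 PM - Debug Message : (Radius Authentication)
Value cannot be null.
Parameter name: s
Calling-Station-Id = 00-21-5D-C4-F2-B8
User-Name = 00215dc4f2b8
"""

REQ = re.compile(r"^RadAuth req\. from : (\S+) - (.+)$")
ATTR = re.compile(r"^([A-Za-z-]+) = (.*)$")
KEY = re.compile(r"Authentication commencing for user '([^']*)'")

def norm_mac(value):
    """Reduce a MAC in any common spelling to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[-:.]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def analyse(log_text):
    """Return one summary dict per 'RadAuth req.' block in a debug log."""
    out, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.match(line):
            cur = {"nas": m.group(1), "attrs": {}, "key": None, "error": None}
            out.append(cur)
        elif cur is None:
            continue
        elif k := KEY.search(line):
            cur["key"] = k.group(1)
        elif "Debug Message" in line:
            cur["error"] = ""                      # exception text is on the next line
        elif cur["error"] == "":
            cur["error"] = line.strip()
        elif cur["key"] is None and (a := ATTR.match(line)):
            cur["attrs"][a.group(1)] = a.group(2)  # skip the attribute dump after the error
    for r in out:
        user, csid = r["attrs"].get("User-Name"), r["attrs"].get("Calling-Station-Id")
        # Which request attribute has the value the server logged as the user?
        r["key_source"] = next((n for n, v in r["attrs"].items() if v == r["key"]), None)
        same_mac = norm_mac(user) is not None and norm_mac(user) == norm_mac(csid)
        r["format_mismatch"] = same_mac and user != csid
    return out
```

For the sample, `analyse(SAMPLE_LOG)[0]` gives `key_source` as `Calling-Station-Id`, `format_mismatch` as true, and `error` as the logged exception text.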
MHE
Posts: 12
29.09.2017
Hi, I am trying to use MAB authentication. I installed TekRADIUS on a Win 7 client and added some config on it, but the client cannot log in to the network.
Can you help me about that please.
BR
0 link
Admin
Administrator
Posts: 4992
29.09.2017
Hi,

Can you send TekRADIUS log entries (Accessible through File menu) after setting log level to debug at Settings / Service Parameters or a failed authentication attempt?

Best regards,

Yasin KAPLAN
0 link





