|
Posted by Georg Dingler on November 8, 2006, 9:07 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hello,
I configured a Cisco 3750 for Radius Authentification for LAN Access in
combination with the MS IAS (Radius) Server. The XP Client has DHCP
configured. The Windows Eventlog tells that Access is granted, but the
XP Client fails to get an IP address. Are additional attributes on the
IAS Server necessary ? Thanks for a tip !
Config of the IAS Server:
Service-Type: Framed
Tunnel-Medium-Type: 802
Tunnel-Pvt-Group-ID: 0x03
Tunnel-Type: Virtual LANs(VLAN)
Certificate is configured and selected on the Windows XP Client.
Config of the 3750:
...
aaa new-model
aaa authentication login local_authen local
aaa authentication dot1x default group radius
aaa authorization exec local_author local
aaa authorization network default group radius
...
interface FastEthernet1/0/24
switchport access vlan 3
switchport mode access
switchport port-security
dot1x pae authenticator
dot1x port-control auto
...
radius-server host 192.168.0.1 auth-port 1812 acct-port 1646 key radius
radius-server source-ports 1645-1646
...
Windows Eventlog:
Benutzer "DOM\USER_TEST" wurde Zugriff gewährt.
Vollqualifizierter Benutzername = DOM.test-it.de/Users/A_USER_TEST
NAS-IP-Adresse = 192.168.0.199
NAS-Kennung = <nicht vorhanden>
Clientanzeigename = 3750
Client-IP-Adresse = 192.168.0.199
Kennung der Anruferstation = [MAC address of the XP Client NIC]
NAS-Porttyp = Ethernet
NAS-Port = 50124
Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer
verwenden
Authentifizierungsanbieter = Windows
Authentifizierungsserver = <unbestimmt>
Richtlinienname = 3750
Authentifizierungstyp = PEAP
EAP-Typ = Sicheres Kennwort (EAP-MSCHAP v2)
IAS Server Logfile:
192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,6,2,12,1500,30,00-13-C3-CE-F2-9A,31,[MAC
address of the XP Client
NIC],5,50124,61,15,4,192.168.0.199,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung
für alle Benutzer verwenden,4129,DOM\USER_TEST,4149,3750,25,311 1
192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP
v2),4127,11,4130,DOM.test-it.de/Users/A_USER_TEST,4136,1,4142,0
192.168.0.199,DOM\USER_TEST,11/06/2006,21:38:47,IAS,server,4128,3750,25,311
1 192.168.0.1 11/06/2006 16:54:04 264,4132,Sicheres Kennwort (EAP-MSCHAP
v2),4127,11,8100,0,4108,192.168.0.199,4116,9,4155,1,4154,Windows-Authentifizierung
für alle Benutzer
verwenden,4129,DOM\USER_TEST,4149,3750,6,2,65,6,81,0x03,64,13,4130,DOM.test-it.de/Users/A_USER_TEST,4120,0x0148,4136,2,4142,0
--
Georg
www.dingler-it.de
|
| Similar Threads | Posted | | Cisco Aironet - local RADIUS server | July 27, 2005, 9:31 am |
| SBR Radius Config | July 16, 2007, 3:18 pm |
| Help w/pix 501 config & vpn client setup w/radius | September 9, 2006, 2:09 am |
| Config cisco routers such as a VPN server | July 23, 2007, 1:59 pm |
| 3G / GPRS Radius Server | June 24, 2005, 3:37 am |
| RADIUS Server For AP's | June 13, 2006, 11:12 pm |
| Network Design: Cisco Config and ISA server | December 6, 2004, 10:50 am |
| Looking for a radius server with specific specs | May 14, 2007, 1:46 pm |
| Radius Server for temporary account | May 28, 2007, 9:18 am |
| Aironet 1200 with Microsoft radius server | July 8, 2005, 12:31 pm |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map