FreeRADIUS not sending "Access-Accept" for Cisco Phone

craig at mypenguin.net.au craig at mypenguin.net.au
Thu May 26 09:44:51 CEST 2016 

Hi,

802.1x Authentication with EAP-TLS, works perfectly with a Centos
client, however not from a Cisco IP Phone.

Basic Specs For Server;
* Centos 7.2 x64
* freeradius-3.0.4-6.el7.x86_64
* Communicating through a Dell N3000 switch.
* Cisco 7841 IP Phone

I've been studying the debug logs as best I can, the working log clearly
shows "Sending Access Accept Packet" (output below).
However when I read the debug for the Cisco phone connection, we see
hundreds (would eventually be thousands) of attempts without ever seeing the below successful packet
sent back. 

I'm just after any suggestions on how to better debug the connection from the Cisco
phone?

----------   CUT (working example with Centos Client) ---------------
Sending Access-Accept packet to host 192.168.11.62 port 34495, id=119,
length=0
(6)     MS-MPPE-Recv-Key =
0x069dfe1c5f6660fe98f7d39c311e1c52bea7445e54d05f2706c154542ed5b3fa
(6)     MS-MPPE-Send-Key =
0x54782fc7b655096c1a45437c1cae96d4217867c8403c0f1edd3a8438330aad81
(6)     EAP-MSK =
0x069dfe1c5f6660fe98f7d39c311e1c52bea7445e54d05f2706c154542ed5b3fa
54782fc7b655096c1a45437c1cae96d4217867c8403c0f1edd3a8438330aad81
(6)     EAP-EMSK =
0xcfa717399d049b7ca5f438a07c6bffc0e199bd24182a903fd759c84eb13765feda5bfd396f403068ef377c20c0ea46c2628917fd644afd54556a00b79652fa3a
(6)     EAP-Session-Id =
0x0d57469718eb7768f033c8f06c17b709ca49254502c930e10641848a9551823e395746989ca0c8126d5fe044a497974be973775d2f5f3b401cc023e449ef983787
(6)     EAP-Message = 0x03160004
(6)     Message-Authenticator = 0x00000000000000000000000000000000
(6)     User-Name = 'craig'
Sending Access-Accept Id 119 from 192.168.11.61:1812 to 192.168.11.62:34495
MS-MPPE-Recv-Key = 0x069dfe1c5f6660fe98f7d39c311e1c52bea7445e54d05f2706c154542ed5b3fa
MS-MPPE-Send-Key = 0x54782fc7b655096c1a45437c1cae96d4217867c8403c0f1edd3a8438330aad81
EAP-Message = 0x03160004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = 'craig'
(6) Finished request
----------   CUT ------------------------------------------



Regards,

Craig

More information about the Freeradius-Users mailing list