Pb with EAP/MD5

Rafael DiazMaurin Rafael.DiazMaurin at cnrs-bellevue.fr
Tue Aug 9 16:41:05 CEST 2005 

Jefri bin Dahari a écrit :

> Use 'debug radius authentication' command on your switch and run 
> radiusd -X and see the output.
> Check whether the vlan you configure on the port is supported on the 
> switch.


I've got 2 errors in my logs from the switch CISCO 2950 IOS : version : 
12.1(22)EA4

AAA/AUTHOR: config command authorization not enable
dot1x-err:Unable to send a message to the Dot1x Authenticator process.

If someone has an idea...

>
>
> ----- Original Message ----- From: "Rafael DiazMaurin" 
> <Rafael.DiazMaurin at cnrs-bellevue.fr>
> To: "FreeRadius users mailing list" 
> <freeradius-users at lists.freeradius.org>
> Sent: Tuesday, August 09, 2005 15:44
> Subject: Re: Pb with EAP/MD5
>
>
>> Jefri bin Dahari a écrit :
>>
>>> I think you haven't put the NAS ip address in clients.conf.
>>
>>
>>
>> Yes I did it :
>>
>> client xxx.xxx.xxx.xxx {
>>        secret          = XXX
>>        shortname    = Switch
>>        nastype         = cisco
>> }
>>
>>
>>>     ----- Original Message -----
>>>    
>>>
>>>>
>>>> The Cisco 2950 is the client (or NAS). Is it configured?
>>>>
>>>     Yes it's configured :
>>>     IOS version : 12.1(22)EA4
>>>     General configuration :
>>>         aaa new-model
>>>         aaa authentication dot1x default group radius
>>>         aaa authorization network default group radius
>>>     radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
>>>     radius-server retransmit 3
>>>
>>>     Here is the configuration of the port where the Supplicant (XP SP
>>>     2) is connected :
>>>     interface FastEthernet0/2
>>>       description supplicant
>>>      switchport access vlan XXX
>>>      switchport mode access
>>>      duplex full
>>>      dot1x port-control auto
>>>      dot1x timeout reauth-period 300
>>>      dot1x reauthentication
>>>      spanning-tree portfast
>>>
>>>     This switch is connected to another switch with a Trunk link, and
>>>     another trunk link until the radius server.
>>>     Here is the configuration of the port where the radius server is
>>>     connected :
>>>     interface FastEthernet2/11
>>>      description RadiusServer
>>>      switchport access vlan XXX
>>>
>>>
>>>  
>>

Rafael.

>>>  
>>

More information about the Freeradius-Users mailing list