Cisco :: Free Radius Server For Lab?
May 1, 2012
Any free radius server for lab purpose?
I am using several SG300-28 Switches with firmware version 1.1.2.0. I have dynamic VLAN enabled. As RADIUS server I am using free radius 2.1.12. Authentication is only based on the MAC address. (I configured that on the switches.) On the switches I created three VLANs. VLAN100 for the authenticated clients, VLAN200 for Management interface and VLAN300 as Guest VLAN. After a wrong authentication the clients should be put into this Guest VLAN immediately (I configured this on the switches). I am using Windows XP and Windows 7 clients in my network. I did not configure any EAP settings because I just want to use the MAC address.
In most cases the dynamic VLAN assignment and authentication is working fine. The switch log says that the client is authenticated and the same I can see on free radius log. But in some (rare) cases the client is rejected. The CISCO log says "MAC aa:bb:cc:dd:ee:ff was rejected on port ge17" but when I look at the free radius log then this MAC address was successfully authorized.
The problem is that the client gets an IP address based on the Guest VLAN300 but after that the switch seems to "switch" the VLAN on the port and then the client is authenticated correctly on the right VLAN but the client does not request a new IP on the new VLAN. If I unplug and re-plug the LAN cable in most cases the client gets the correct VLAN and the correct IP. This is happening randomly on nearly all my PCs.
Do I have to set some timers higher? I don't think it is a problem between switch and RADIUS but a problem between communication of the host and the switch.
I have a WLC 2106 with two APs connected, but have not set up any authentication. I don't have CSACS at my disposal, so I thought I would try FreeRadius on my Linux Server. I am looking for User/Password auth, and for now I would expect to have those accounts local to the FreeRadius engine. (baby steps before I try PAM/LDAP/AD/Certs)
I have seen a number of posts asking final step questions. I was looking for more of a where to begin How To.
I have read the docs on Free Radius, and believe I have the method worked out on how to make a small change, run in debug mode to observe my change, to verify that I don't spend too much time pulling out my hair. I am fairly adept at CSACS 5.3 but it hides the magic of Radius from me.
My customer has FreeRadius, and I'm trying to get the server to assign a network admin role to a 5K running 5.0.3 code. This is based on the example given in this document: url... The server authenticates the user name, but will only put the user into the network operator role. This is confirmed by checking the output of show user-account and debug security user-db. The Radius test using the same credentials passes the authentication test. I'm sure the problem is that the N5K doesn't understand the VSA format of the attribute, and that this is a simple syntax problem.
I have a virtual FreeNAS server running from VMPlayer and I want to allow my friends to connect to my media server from their houses, but I don't want to buy a domain. Is there a way to port them to it when they connect to my Public IP? I am willing to use another program if necessary. I have looked at Filezilla, but have the same issue.
Region : Germany
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : V1
ISP : Kabel Deutschland
The firmware offers 3 different dyndns services. But OpenDNS is not included, also there is no free field to choose protocol, server, password and network. Will this be updated in further firmwares?
Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices? I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different. I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
How to configure Radius server on router in packet tracer
I have problem with my 3 new Cisco AP1252AG and Radius server (Windows 2000 IAS). On the 3 AP, I have two SSIDs: one with WPA pre-shared key, the other one with EAP/radius. The one with preshared key works well but the other has some trouble, here is the error message. I have checked the shared secret in radius and AP and it's ok. The error appears randomly.
Which is the best RADIUS server for 802.1x wired authentication?
I am trying to configure a WAP4410N, with latest firmware, for disabled security (i.e.: no WEP/WPA, user passwords etc) but enable MAC authentication control using RADIUS. If I test the WAP using disabled security and disabled authentication control, the WAP works fine. When I enable the RADIUS MAC authentication (ensuring I have entered the correct RADIUS server details) nothing happens, the WAP connection just fails. Also, the RADIUS server doesn't log any attempts from the WAP to connect. Is there a known problem with this WAP simply not working with RADIUS under this configuration?
I am testing an Aironet1040 in AP setting. During the process of trial run of GUI on this 1040, I saw a local radius setting and it can set something like FAST-EAP.
Is it after using this setting (plus other steps), I can set this Aironet1040 as an AP with the capability of simple Radius Server for authentication purpose?
If not by this way as I mentioned above, can Aironet1040 be set as simple Radius Server? This is because if it can set as simple Radius Server and not need to work with an external Radius Server, that would be great and save trouble to find another server.
I am currently trying to get eap-tls user certificate based wireless authentication working. The mismatch of guides I'm trying to follow has me coming up trumps with success so far.
My steps for radius:- (I think this part I've actually got ok) [URL]
Steps for the wireless profile on a win 7 client:- this has me confused all over the place [URL]
My 1130 Config:-
[code]
Current configuration : 3805 bytes
!
! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd
[Code].....
I have a 2811 router and how to configure a RADIUS server using the CLI.
We are retiring our current radius server. It is Windows 2003 IAS server (also a DC) that we use for 802.1X authentication. We are moving to server 2008r2. I have already installed NPS and Network Authentication services on the server.
On the existing IAS server I exported the settings (using iasmigreader.exe) and was able to import the profiles (I see the 5500 as a radius client etc). Our 5500 is still pointing to the old server.
Is it as simple as changing the ip of the RADIUS server to point to the new server? It looks like I actually have to add the new server and create a new pre-shared key on the NPS server but only find documents on adding a new 5500 (vs flipping it to a new NPS server).
Can the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users?
Management Users will authenticate on RADIUS Server 1. Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.
getting a Cisco WLC to work with MS NPS server? We've done it before albeit with different code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated "RADIUS server x.x.x.x:1812 deactivated in global list" and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC. Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond which in turn causes the WLC to switch to the other NPS server which produces the same issue.
Is there any way to set up our ISE to provide Radius instead of acting as Radius Proxy? In our Company we use ACS 4.2 to provide AAA via Tacacs+ and this works proper with all our Cisco-Switches. Now we are testing the ISE 1.1.1 as NAC-Solution.
I know how to set up the ISE as 'Radius Proxy', configuring the Sequences and Policies, but till now we are using only Tacacs+ for AAA. The current version of ISE does not support Tacacs+ and I don't want to set up a Radius-environment in ACS if not necessary. Somewhere (I think the specs) I read, the ISE is a merge of ACS and NAC. So in my opinion there should be a way to provide AAA via Radius on the ISE without ACS and without 'Radius Proxy'.
Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server. I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.
I am building a wireless network with 5508 WLC and trying to use ISE as radius server and also to redirect the web-login to it. I was trying to understand that to achieve the external web-login, do I need to use the radius-nac option under advanced on the guest wireless where I am trying this out, and if not, where do I actually use it? So far what I have understood that I do need to have preauth ACL on the Layer 3 security, but the issue is there is no hit reaching the ISE.
I'm using an ASA version 8.4.2 and a Radius Server.
Is it possible to configure ASA for sending the name of the connection profile to the Radius Server?
By default, the radius server doesn't receive this information.
I want to know if it's necessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC?
Below is the output from debug radius authentication from my AP.
I can see request is forwarding from AP to radius but Radius is not sending any response. Not sure why it's not responding.
I also did not understand a few of the outputs also
no sg in radius-timers and
RADIUS/DECODE: parse response no app start; FAIL
What does it mean?
I restarted radius server, changed secret key but no luck.
019639: May 1 16:15:08.727: RADIUS: User-Name [1] 32 "host/3KYGRH1.idcap.intdata.com"
019640: May 1 16:15:08.727: RADIUS: Framed-MTU [12] 6 1400
019641: May 1 16:15:08.727: RADIUS: Called-Station-Id [30] 16 "0012.01d6.f691"
[Code]...
I was just wondering if it was possible to turn a Cisco 887 Router into a RADIUS Server. What I wanted to do was setup my wireless AP to authenticate using RADIUS, but didn't want to setup another server for the purpose.
I'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en. Then the enable password.
Wondering if it's possible to send a VSA from my radius server to my ASA-5505 that will instruct the ASA to use one of several split tunnel lists I have created, based on the user name supplied in the Radius request. For example, I can send a VSA of "ip:inacl#1=permit ..." and the ASA will dynamically create an access-list for that user. Is there a similar VSA for split tunnel?
I am trying to connect clients to my AP1231 which is running C1200 Software (C1200-K9W7-M), Version 12.3(8)JED. Client authentication is against RADIUS server. [code]
How to set up 2008 (NPS and NASs) RADIUS Server for 802.1X Wireless clients.
We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticked and the server responds to a ping command.
In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security Tab.
I then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?
In the WLC there are two groups (say A and B). How would I take group B and point it to a RADIUS server for authentication? The server is ping reachable. I have searched but did not see any definitive answer.
We are experiencing a lot of these RADIUS failed to respond messages on our WLCs leading to a lot of RADIUS server hopping within the WLC. We are using Cisco 5508s, 1142 APs and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1x. The first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consecutive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured. When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL: Event ID: 6274: Network Policy Server discarded the request for a user.
I am using CiscoSecure ACS v4.2 appliance, is there any way that RADIUS logs upload to FTP server because it has limitation to store RADIUS logs?
I'm trying to configure ACS 5.4 as radius server for network access (PPP connections). In monitoring and reports the users have green color, but the clients cannot send data. Auth method is CHAP/MD5.
Allowed protocols are set to CHAP and PAP only.