Security

Reply
Occasional Contributor II
Posts: 10
Registered: ‎11-19-2014

802.1x authentication failed

HI all , 

i have problem configure 802.1x with Radius server 

i get this output for show auth-tracebuf :

Jul 7 00:35:45 station-down * 4c:ed:de:30:fc:8d 04:bd:88:03:53:e0 - -
Jul 7 00:35:49 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 1 5
Jul 7 00:35:54 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 1 5
Jul 7 00:35:54 eap-id-resp -> 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 1 26 ELARABYGROUP\hsabet01
Jul 7 00:35:54 rad-req -> 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 45 239
Jul 7 00:35:56 station-down * 3c:47:11:76:f2:1a 04:bd:88:03:53:e1 - -
Jul 7 00:35:57 station-up * 3c:47:11:76:f2:1a 04:bd:88:03:53:e1 - - open system
Jul 7 00:35:59 dot1x-timeout * 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 1 3 server timeout
Jul 7 00:35:59 dot1x-timeout * 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 2 2 station timeout
Jul 7 00:35:59 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 2 5
Jul 7 00:35:59 eap-id-resp -> 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 2 26 ELARABYGROUP\hsabet01
Jul 7 00:35:59 rad-req -> 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 46 239
Jul 7 00:35:59 rad-reject <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0/Gpx-Radiua 46 44
Jul 7 00:35:59 eap-failure <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 2 4 server rejected
Jul 7 00:36:29 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 3 5
Jul 7 00:36:34 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 4 5
Jul 7 00:36:39 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 4 5
Jul 7 00:36:42 station-up * 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 - - wpa2 aes
Jul 7 00:36:42 eap-id-req <- 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 1 5
Jul 7 00:36:42 eap-id-resp -> 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 1 26 ELARABYGROUP\hgamal01
Jul 7 00:36:42 rad-req -> 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 47 239
Jul 7 00:36:42 rad-reject <- 74:de:2b:5e:3e:04 04:bd:88:03:53:e0/Gpx-Radiua 47 44
Jul 7 00:36:42 eap-failure <- 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 1 4 server rejected
Jul 7 00:36:44 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 4 5
Jul 7 00:36:49 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 5 5
Jul 7 00:36:54 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 5 5
Jul 7 00:36:59 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 5 5
Jul 7 00:37:04 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 6 5
Jul 7 00:37:09 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 6 5
Jul 7 00:37:12 eap-id-req <- 74:de:2b:5e:3e:04 04:bd:88:03:53:e0 2 5
Jul 7 00:37:14 eap-id-req <- 24:fd:52:ea:a6:d1 04:bd:88:03:53:e0 6 5
Jul 7 00:37:15 station-up * a0:88:69:9b:2a:ad 04:bd:88:03:53:e0 - - wpa2 aes
Jul 7 00:37:15 eap-id-req <- a0:88:69:9b:2a:ad 04:bd:88:03:53:e0 1 5

Also here is log from event Viewer on the NAP server 

User:

        Security ID:                    NULL SID

        Account Name:                   EGROUP\hahmed02

        Account Domain:                 -

        Fully Qualified Account Name:   -

Client Machine:

        Security ID:                    NULL SID

        Account Name:                   -

        Fully Qualified Account Name:   -

        OS-Version:                     -

        Called Station Identifier:              000B86BEFE88

        Calling Station Identifier:             A088699B2AAD

NAS:

        NAS IPv4 Address:               10.34.201.250

        NAS IPv6 Address:               -

        NAS Identifier:                 10.34.201.250

        NAS Port-Type:                  Wireless - IEEE 802.11

        NAS Port:                       0

RADIUS Client:

        Client Friendly Name:           Aruba_Controller

        Client IP Address:                      10.34.201.250

Authentication Details:

        Connection Request Policy Name: -

        Network Policy Name:            -

        Authentication Provider:                -

        Authentication Server:          EGCAINPS02.egroup.com

        Authentication Type:            -

        EAP Type:                       -

        Account Session Identifier:             -

        Logging Results:                        Accounting information was written to the local log file.

        Reason Code:                    49

        Reason:                         The RADIUS request did not match any configured connection request policy (CRP).

 ----------------------------

when trying to test aaa Sever from controller it's failed to authenticate 

i reconfigured the radius server to confirm the key is right 

kindly adivce what to do next to figure out this problem 

 

 

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: 802.1x authentication failed

"The RADIUS request did not match any configured connection request policy (CRP)."

 

You did not write your radius server policy correctly.  You probably have extra rules specified.

 

Please see the post/document here:  http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672 for an example.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: