Security

Reply
Contributor I
Posts: 25
Registered: ‎01-23-2015

Cisco RADIUS Client did not complete EAP transaction

I setup Cisco with Clearpass, see 'RADIUS Client did not complete EAP transaction' in Access Tracker .

 

2015-02-24 12:59:51,029 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 48:250:5C-FF-35-03-11-C8
2015-02-24 12:59:51,033 [RequestHandler-1-0x7f5140360700 r=psauto-1423510654-247 h=79 r=R00000076-01-54ecbc17] INFO Core.ServiceReqHandler - Service classification result = cisco-wired
2015-02-24 12:59:51,034 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "cisco-wired"
2015-02-24 12:59:51,034 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_sql: searching for user netlab1 in Local:localhost
2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_sql: found user netlab1 in Local:localhost
2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_eap_peap: Initiate
2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 48:76:5C-FF-35-03-11-C8:0x0047004b0083001fbd0000001bda70bf1358e0ce17350f71f5092be5
2015-02-24 13:00:37,213 [main SessId R00000076-01-54ecbc17] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000076-01-54ecbc17, state - 0x0047004b0083001fbd0000001bda70bf1358e0ce17350f71f5092be5
2015-02-24 13:00:37,213 [main SessId R00000076-01-54ecbc17] ERROR RadiusServer.Radius - reqst_clean_list: Packet 48:250:76:5C-FF-35-03-11-C8 recv 1424800791.29406 - resp 1424800791.36481

 

See Cisco config below:

netlab-SW2#sh run | s aaa
aaa new-model
aaa group server radius CPS-group
server name CPS
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 10.95.2.201 server-key takemeback
port 3576
auth-type all
aaa session-id common

netlab-SW2#sh run int f0/7
Building configuration...

Current configuration : 344 bytes
!
interface FastEthernet0/7
description PC-test
switchport access vlan 621
switchport mode access
authentication host-mode multi-auth
authentication open
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
end

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Cisco RADIUS Client did not complete EAP transaction

What type of client?

What EAP method are you using?

Can you try updating the drivers?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: Cisco RADIUS Client did not complete EAP transaction

Sorry I just find out that Cisco switch was pointed to mgmt interface of Clearpass, not external ...where it was routed to. So there was no response from Clearpass to Cisco authenticator..all set now

Search Airheads
Showing results for 
Search instead for 
Did you mean: