Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Cisco RADIUS Client did not complete EAP transaction

This thread has been viewed 7 times

  • 1.  Cisco RADIUS Client did not complete EAP transaction

    Posted Feb 24, 2015 01:04 PM

    I setup Cisco with Clearpass, see 'RADIUS Client did not complete EAP transaction' in Access Tracker .

     

    2015-02-24 12:59:51,029 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 48:250:5C-FF-35-03-11-C8
    2015-02-24 12:59:51,033 [RequestHandler-1-0x7f5140360700 r=psauto-1423510654-247 h=79 r=R00000076-01-54ecbc17] INFO Core.ServiceReqHandler - Service classification result = cisco-wired
    2015-02-24 12:59:51,034 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "cisco-wired"
    2015-02-24 12:59:51,034 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_sql: searching for user netlab1 in Local:localhost
    2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_sql: found user netlab1 in Local:localhost
    2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - rlm_eap_peap: Initiate
    2015-02-24 12:59:51,036 [Th 2 Req 189 SessId R00000076-01-54ecbc17] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 48:76:5C-FF-35-03-11-C8:0x0047004b0083001fbd0000001bda70bf1358e0ce17350f71f5092be5
    2015-02-24 13:00:37,213 [main SessId R00000076-01-54ecbc17] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000076-01-54ecbc17, state - 0x0047004b0083001fbd0000001bda70bf1358e0ce17350f71f5092be5
    2015-02-24 13:00:37,213 [main SessId R00000076-01-54ecbc17] ERROR RadiusServer.Radius - reqst_clean_list: Packet 48:250:76:5C-FF-35-03-11-C8 recv 1424800791.29406 - resp 1424800791.36481

     

    See Cisco config below:

    netlab-SW2#sh run | s aaa
    aaa new-model
    aaa group server radius CPS-group
    server name CPS
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    aaa server radius dynamic-author
    client 10.95.2.201 server-key takemeback
    port 3576
    auth-type all
    aaa session-id common

    netlab-SW2#sh run int f0/7
    Building configuration...

    Current configuration : 344 bytes
    !
    interface FastEthernet0/7
    description PC-test
    switchport access vlan 621
    switchport mode access
    authentication host-mode multi-auth
    authentication open
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    dot1x pae authenticator
    dot1x timeout tx-period 10
    spanning-tree portfast
    end



  • 2.  RE: Cisco RADIUS Client did not complete EAP transaction

    EMPLOYEE
    Posted Feb 24, 2015 02:25 PM
    What type of client?

    What EAP method are you using?

    Can you try updating the drivers?


  • 3.  RE: Cisco RADIUS Client did not complete EAP transaction

    Posted Feb 24, 2015 02:28 PM

    Sorry I just find out that Cisco switch was pointed to mgmt interface of Clearpass, not external ...where it was routed to. So there was no response from Clearpass to Cisco authenticator..all set now