Hi Ayydam,
Please find below,
00:4e:35:ca:2b:e8# sh ap debug auth-trace-buf
Auth Trace Buffer
-----------------
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 17 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 18 387
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 18 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 19 227
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 19 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 20 227
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 20 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 1096
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 6
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 21 227
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 21 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 1096
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 6
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 22 227
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 22 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 865
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 207
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 23 428
Jan 1 01:11:16 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 23 -
Jan 1 01:11:16 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 61
Jan 1 01:11:16 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 39
Jan 1 01:11:16 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 24 260
Jan 1 01:11:16 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 24 -
Jan 1 01:11:16 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 4 server rejected
Jan 1 01:11:23 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:90 - - wpa2 aes
Jan 1 01:11:23 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 01:11:23 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 - -
Jan 1 01:11:23 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 01:11:28 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 01:11:33 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
Jan 1 01:11:38 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
Jan 1 01:11:40 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 21 wireless\gallery
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 25 211
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 25 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 26 381
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 26 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 27 221
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 27 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6
Auth Trace Buffer
-----------------
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 28 221
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 28 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 1096
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 6 6
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 29 221
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 29 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 1096
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 7 6
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 30 221
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 30 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 865
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 8 207
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 31 422
Jan 1 01:11:40 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 31 -
Jan 1 01:11:40 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 61
Jan 1 01:11:40 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 39
Jan 1 01:11:40 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 32 254
Jan 1 01:11:40 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 32 -
Jan 1 01:11:40 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 9 4 server rejected
Jan 1 02:07:06 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:91 - - wpa2 aes
Jan 1 02:07:06 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
Jan 1 02:07:06 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 - -
Jan 1 02:07:06 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
Jan 1 02:07:11 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 1 5
Jan 1 02:07:16 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 5
Jan 1 02:07:20 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 27 wireless\idham.khaidir
Jan 1 02:07:20 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 222
Jan 1 02:07:20 rad-reject <- c8:21:58:9e:0a:93 00:4e:35:22:be:91/warid 2 -
Jan 1 02:07:20 eap-failure <- c8:21:58:9e:0a:93 00:4e:35:22:be:91 2 4 server rejected
Jan 1 02:07:27 station-up * c8:21:58:9e:0a:93 00:4e:35:22:be:90 - - wpa2 aes
Jan 1 02:07:27 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 02:07:27 eap-start -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 - -
Jan 1 02:07:27 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 02:07:32 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 1 5
Jan 1 02:07:37 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
Jan 1 02:07:42 eap-id-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 5
Jan 1 02:07:43 eap-id-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 2 27 wireless\idham.khaidir
Jan 1 02:07:43 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 33 223
Jan 1 02:07:43 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 33 -
Jan 1 02:07:43 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 6
Jan 1 02:07:43 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 3 166
Jan 1 02:07:43 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 34 387
Jan 1 02:07:44 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 34 -
Jan 1 02:07:44 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 1096
Jan 1 02:07:44 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 4 6
Jan 1 02:07:44 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 35 227
Jan 1 02:07:44 rad-resp <- c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 35 -
Jan 1 02:07:44 eap-req <- c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 1096
Jan 1 02:07:44 eap-resp -> c8:21:58:9e:0a:93 00:4e:35:22:be:90 5 6
Jan 1 02:07:44 rad-req -> c8:21:58:9e:0a:93 00:4e:35:22:be:90/dhcp-svr 36 227
------------------------------
Idham Khaidir
------------------------------
Original Message:
Sent: Nov 18, 2020 03:50 AM
From: Ayman Mukaddam
Subject: WPA2 Enterprise on IAP
Hi,
Do you have access to the Radius Server to check its configuration? Is the Radius server sending a reject?
What is the output of show auth-tracebuf mac <MAC OF DEVICE>
------------------------------
Ayman Mukaddam
Original Message:
Sent: Nov 18, 2020 12:47 AM
From: Idham Khaidir
Subject: WPA2 Enterprise on IAP
We have configured WPA2 Enterprise on IAP 325. But user got fail connections.
Authentication using external Radius. Shared key already same configure on Server.
How to check aaa authentication and create best configuration for IAP.
------------------------------
Idham Khaidir
------------------------------