Controlling Radius authentication

Hi All,
We are using RSA as authentication server for Networking Devices Authentication(Cisco ASA, Cisco 6506, Cisco 35xx). Now If We authorized an user in RSA to login to ASA then he simply "log in" to Firewall. So this way it allowes al the RSA users(what if RSA users are 100+) to login to ASA and then can play with it(Sounds really scary).
Being a Network Admin I also need to depend on RSA for authentication. Now here are my Questions:
1.> Is there any way to give locally authentication to Network Admins.
2.> All RSA users can login to ASA. I understand as we have configured RSA as authentication server so It will happen. But can't we control there privilage level and access limitations to ASA and other Networking Devices ?

Yup, that's the unfortunate truth about browsers. There's nothing
programmatically from the server side (JSP/servlet) you can do to know when
the user CTRL-F4s their browser (short of the JS on the client page, but
even then, you aren't guaranteed it's execution). :< That's part of the joy
of using a browser for your client. I've seen this with JSPs and with ASPs
(so MS has this problem as well).
But as the other posting mentioned, the way most sites handle it is with the
javascript or with a submit button or something on the server that
explicitly logs the user out and releases all memory/objects used by that
session. Try your online bank, or TicketMaster, I think they all have a
logout button on their page. We're turfing our older J2EE engine for
WebLogic cause of the session logout functionality wasn't working dependably
(among other reasons :>).
Good luck! :>
"Cameron Purdy" <[email protected]> wrote in message
news:3c470fdd$[email protected]..
You can't. That's the answer.
You can get close if you want to use JavaScript on the client (on close
event to trigger an "invalidate session" Servlet).
On the server, you can use HttpSessionListener to see when a session dies.
Peace,
Cameron Purdy
Tangosol, Inc.
Clustering Weblogic? You're either using Coherence, or you should be!
Download a Tangosol Coherence eval today at http://www.tangosol.com/
"Juan Espino" <[email protected]> wrote in message
news:3c46c648$[email protected]..
Hi everybody!
I've got a problem. My aplication was developed to allow some
connections
at the
same time with the same user and password and without session timeinvalidation.
But now, it's necessary to avoid all of this. So i've thought to controlthe different
logins with a hashtable in the app context, but my problem is that i
don't
know
when an user session ends or when the nvigator is closed.
plz, can anybody tell me a way to resolve this?
thx

Similar Messages

MacBook Pro will not connect to RADIUS authenticated SSID

We are having problems with MacBook Pros and a MacBook Air not connecting to our wireless network. We have successfully connected hundreds of iPads and multiple other machines. All of the non-working machines are running OS X 10.9.5. The MacBook Air is brand new.
We have a centrally managed wireless system made by Avaya. The SSID they are trying to connect to is protected by a password and RADIUS authentication. The SSID is called KT_MAC.
A typical scenario looks like this:
I add the device's MAC address to the RADIUS server (add it to the MAC OU in AD and add it to the MACAuth group)
I attempt to connect to the KT_MAC SSID
I am prompted for the password, which I type in
Sometimes it connects on the first try, but usually it doesn't. It will say something along the lines of Unable to join KT_MAC network or something.
I then attempt to connect to the KT_MAC SSID again
I am prompted for the password again, which I type in again
It generally connects on this second attempt but not always.
We have tried resetting the PRAM as well as deleting the saved profiles from each machine. Any guidance you can provide would be appreciated. Thank you.
Here is the wifi.log from one of the affected MacBook Pros:
Wed Apr 16 06:45:25.344 ***Starting Up***
Wed Apr 16 06:45:38.389 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Apr 16 06:45:39.056 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Apr 16 10:40:37.435 ***Starting Up***
Wed Apr 16 10:40:53.769 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Apr 16 10:40:53.786 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Apr 16 10:44:46.113 ***Starting Up***
Wed Apr 16 10:44:46.130 <airportd[61]> airportdProcessDLILEvent: en1 attached (up)
Thu Apr 17 09:20:53.884 ***Starting Up***
Thu Apr 17 09:21:09.766 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Thu Apr 17 09:21:09.794 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Apr 17 09:25:11.200 ***Starting Up***
Thu Apr 17 09:25:11.223 <airportd[62]> airportdProcessDLILEvent: en1 attached (up)
Fri Jun 6 09:31:42.478 ***Starting Up***
Fri Jun 6 09:31:58.966 <airportd[80]> airportdProcessDLILEvent: en1 attached (down)
Fri Jun 6 09:31:59.026 <airportd[80]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Jun 6 09:36:06.250 ***Starting Up***
Fri Jun 6 09:36:06.270 <airportd[62]> airportdProcessDLILEvent: en1 attached (up)
Fri Jun 6 09:45:40.827 ***Starting Up***
Fri Jun 6 09:45:41.100 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 7 14:07:36.331 ***Starting Up***
Thu Aug 7 14:07:51.354 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Thu Aug 7 14:07:51.362 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 7 14:09:52.852 ***Starting Up***
Thu Aug 7 14:09:52.863 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 7 14:18:27.352 ***Starting Up***
Thu Aug 7 14:18:27.478 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:08:40.677 ***Starting Up***
Wed Aug 13 10:08:54.747 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Aug 13 10:08:54.775 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 13 10:11:16.001 ***Starting Up***
Wed Aug 13 10:11:16.019 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:36:42.311 <airportd[65]> _processSystemPSKAssoc: No password for network <CWNetwork: 0x7fb319c0c600> [ssid=KT_MAC, bssid=cc:f9:54:9c:0c:95, security=WPA/WPA2 Personal, rssi=-48, channel=<CWChannel: 0x7fb319c0be20> [channelNumber=11(2GHz), channelWidth={20MHz}], ibss=0] in the system keychain
Wed Aug 13 10:37:06.172 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:37:06.319 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:42:28.162 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:42:28.927 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:46:15.069 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:55:15.558 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:55:48.574 ***Starting Up***
Wed Aug 13 10:55:48.607 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:57:06.316 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:01:36.170 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:02:08.821 ***Starting Up***
Wed Aug 13 11:02:08.860 <airportd[66]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 11:03:30.508 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:20.003 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:21.436 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:28.110 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:19:51.335 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:19:51.881 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:20:42.635 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:03.774 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:04.289 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:13.201 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:28:39.658 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:28:40.139 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:29:19.235 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:30.152 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:30.639 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:39.280 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:41:45.386 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:41:45.870 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:42:01.343 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:45:19.733 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:45:20.322 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:21.947 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:46.015 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:46.938 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:47:23.876 ***Starting Up***
Wed Aug 13 14:47:23.980 <airportd[76]> airportdProcessDLILEvent: en1 attached (down)
Wed Aug 13 14:47:30.166 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:47:49.006 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:45.857 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:46.733 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:53.301 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:50.650 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:51.139 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:55.950 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:04.344 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:04.890 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:10.672 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:37.354 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:37.949 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:43.381 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:08.606 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:09.095 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:15.685 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:36.817 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:37.317 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:43.699 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:31.857 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:32.343 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:37.513 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 15:14:58.070 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 20 09:02:37.988 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 09:04:16.526 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 20 13:38:15.045 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:00.449 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:00.947 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:06.664 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:00.054 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:00.467 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:05.892 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:12.064 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:12.709 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:17.467 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:26.654 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:27.140 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:32.104 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:38.083 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:38.597 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:44.561 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:20:58.990 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:20:59.540 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:48:48.223 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:31.070 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:31.627 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:44.224 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:39.838 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:40.309 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:48.012 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:10.669 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:11.170 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:16.734 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:38.283 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:38.782 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:43.755 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:57:27.425 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:57:27.862 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:00:35.541 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:15.263 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:20.996 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:35.210 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:08:08.856 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:08:09.394 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:09:40.498 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:00:57.796 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:00:58.388 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:01:09.718 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:10.320 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:10.841 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:16.251 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 15:19:57.730 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 21 17:20:21.212 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Tue Aug 26 09:40:29.421 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 09:40:31.018 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 09:40:39.112 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 12:33:17.002 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 11:19:57.907 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 13:39:45.540 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:39:49.983 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:39:51.109 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:03.295 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:24.889 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:25.379 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:25.412 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:43:14.013 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 14:00:05.235 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 14:39:41.454 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 14:40:24.778 ***Starting Up***
Wed Aug 27 14:40:24.962 <airportd[74]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 27 16:19:03.698 <airportd[74]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 08:46:43.526 <airportd[74]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 10:17:27.689 <airportd[74]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 11:28:30.790 <airportd[74]> _handleLinkEvent: Got an error trying to query WiFi for power. Resetting state variables.
Thu Aug 28 11:29:13.259 <airportd[74]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:29:44.661 ***Starting Up***
Thu Aug 28 11:29:45.001 <airportd[69]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 28 11:30:36.331 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:38.432 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:39.745 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:47.701 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:57:42.197 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:57:42.769 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:58:11.783 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 14:20:25.408 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:19.381 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:19.850 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:31.421 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Aug 29 14:56:26.295 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:35.627 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:36.623 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:55.827 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:02.069 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:02.769 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:09.667 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:16.290 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:16.963 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:22.575 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:26.678 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:27.200 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:32.201 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:13.725 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:14.253 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:20.486 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:42.304 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:42.817 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:47.337 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:16.340 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:16.796 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:23.720 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:15.644 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:16.061 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:18.938 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 3 09:35:54.553 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 09:35:55.902 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 09:36:02.003 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:04.232 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:05.097 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:11.571 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:20.719 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:41.332 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:42.272 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:19.455 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:26.410 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:56.452 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:25:01.587 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:25:01.710 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 08:07:04.320 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 08:07:05.150 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 09:30:29.203 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:37:43.025 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:37:43.637 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:39:31.062 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:25.933 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:26.467 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:34.515 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Sep 5 07:50:25.167 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Sep 5 07:50:25.648 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Sep 5 07:50:42.279 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Sep 5 11:54:40.981 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 10 08:41:58.791 <airportd[69]> _handleLinkEvent: Got an error trying to query WiFi for power. Resetting state variables.
Thu Sep 11 10:07:01.271 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 17 15:36:49.049 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 17 16:01:44.231 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Sep 18 08:56:41.771 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 08:56:43.081 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 08:56:43.186 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 09:00:32.568 ***Starting Up***
Thu Sep 18 09:00:33.214 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Mon Sep 22 09:22:24.363 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Mon Sep 22 09:22:32.890 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:41:33.196 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:22.840 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:23.438 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:32.513 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:30:58.274 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 24 14:56:26.902 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:33.995 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:34.531 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:34.646 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:39:07.563 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:16.183 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:16.637 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:43.234 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Oct 3 07:41:49.370 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Tue Oct 7 07:54:00.397 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:14.340 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:15.306 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:21.639 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:04:53.718 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:05:55.913 ***Starting Up***
Tue Oct 7 09:05:55.937 <airportd[63]> airportdProcessDLILEvent: en1 attached (down)
Tue Oct 7 09:08:48.018 <kernel> IO80211ScanManager::startScanMultiple: Scan request received from 'airportd' (pid 63) (2 SSIDs, 0 BSSIDs).
Tue Oct 7 09:08:48.018 <kernel> IO80211ScanManager::startScanMultiple: Initiating scan.
Tue Oct 7 09:08:48.323 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:48.323 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:48.437 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:48.437 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:48.870 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'locationd' (pid 41) ().
Tue Oct 7 09:08:48.870 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:48.871 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'locationd' (pid 41).
Tue Oct 7 09:08:48.881 <airportd[63]> matchAndJoinNetworkListAgainstScanResults: matched with SSID “KT_MAC”
Tue Oct 7 09:08:48.881 <airportd[63]> _doAssociate: network: “KT_MAC”, systemMode: 1, userOnConsole: 1
Tue Oct 7 09:08:48.888 <airportd[63]> _doAssociate: Successfully pulled the password from the keychain. Now trying to associate.
Tue Oct 7 09:08:48.920 <airportd[63]> _handleNewMessage: Received XPC message, event = ASSOC_EVENT, pid = 63
Tue Oct 7 09:08:48.921 <airportd[63]> associate: INFO: airportd associate: network=<CWNetwork: 0x7fb243510a20> [ssid=KT_MAC, bssid=cc:f9:54:9c:0c:95, security=WPA/WPA2 Personal, rssi=-46, channel=<CWChannel: 0x7fb2435157d0> [channelNumber=1(2GHz), channelWidth={20MHz}], ibss=0], is8021X=0, remember=1
Tue Oct 7 09:08:48.930 <airportd[63]> associate: INFO: Checking if admin authorization is required
Tue Oct 7 09:08:48.936 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/Power Status' }
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:48.936 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:48.937 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:48.937 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:48.937 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:48.982 <kernel> parseRSNIE: groupCipherType = 3 pairwiseCipherType = 5 authSel = 2
Tue Oct 7 09:08:48.982 <kernel> initWithInterfaceAndIE: _myMacAddress 2c:be:08:eb:fc:9e
Tue Oct 7 09:08:48.982 <kernel> setPMK: PMK SET!
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: APPLE80211_M_LINK_CHANGED
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: Primary interface link marked up
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: New channel = 36 (flags=0x214)
Tue Oct 7 09:08:48.988 <airportd[63]> _bsd_80211_event_callback: LINK_CHANGED (en1)
Tue Oct 7 09:08:48.988 <airportd[63]> airportdProcessDriverEvent: link changed
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: SSID_CHANGED (en1)
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: BSSID_CHANGED (en1)
Tue Oct 7 09:08:48.993 <airportd[63]> _p2pSupEventCallback: APPLE80211_M_BSSID_CHANGED
Tue Oct 7 09:08:48.993 <airportd[63]> __AirPortOpportunisticRoamBSSIDChanged: <en1> BSSID Change Event old <CC:F9:54:9C:0C:85>, new <CC:F9:54:9C:0C:85>reset Opp Roam to <-2147483648>
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: Frequency Band updated <2>
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexHandleUpdateForNode: <en1> Handle Bluetooth Coex: FrequencyBand <2>, Bluetooth Bandwidth Utilization <0>, Clamshell Mode <0>
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexModeSet: <en1> already set to BT Coex mode 'Off', do not perform APPLE80211_IOC_BTCOEX_MODE
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexSettingPerChainTransmitPowerOffsets: Per TX Chain Power Offset Control (
Tue Oct 7 09:08:48.993     0,
Tue Oct 7 09:08:48.993     0,
Tue Oct 7 09:08:48.993     0
Tue Oct 7 09:08:48.993 )
Tue Oct 7 09:08:48.996 <kernel> en1: Received EAPOL packet (length = 113)
Tue Oct 7 09:08:48.996 <kernel> inputEAPOLFrame: 0 extra bytes present in EAPOL frame.
Tue Oct 7 09:08:48.996 <kernel> inputEAPOLFrame: Received message 1 of 4
Tue Oct 7 09:08:48.996 <kernel> FULL RSN IE FOUND:
Tue Oct 7 09:08:48.996 [00000000] 30 18 01 00 00 0F AC 02 02 00 00 0F AC 04 00 0F AC 02 01 00 00 0F AC 02 0C 00
Tue Oct 7 09:08:48.996 <kernel> storeFullRSNIE: getAP_IE_LIST returned 0
Tue Oct 7 09:08:48.996 <kernel> PMK:
Tue Oct 7 09:08:48.996 [00000000] 61 35 71 AB 2C F6 AF 24 23 06 8D C5 1E 5F 75 88 0A B9 72 A4 5E 05 BA F2 54 A5 2E 64 0E 2F
Tue Oct 7 09:08:48.996 [0000001E] F1 E3
Tue Oct 7 09:08:48.996 <kernel> TPTK:
Tue Oct 7 09:08:48.996 [00000000] 35 38 A9 BA 8C C2 A7 E2 8B FF 84 0B AC 62 21 01 E8 7C 00 CB 0C 64 36 C7 17 F7 BD 4A 20 1C
Tue Oct 7 09:08:48.996 [0000001E] 59 9E 58 DC 8C 88 BF 46 31 43 7F 3D 63 07 BC E4 2D B8 B9 4D AA D7 D0 AB 2F CB 49 F0 CB F7
Tue Oct 7 09:08:48.996 [0000003C] B5 D1 85 CC
Tue Oct 7 09:08:48.996 <kernel> KEY MIC:
Tue Oct 7 09:08:48.996 [00000000] 47 E1 FD 97 16 21 0F 8F BE 93 08 63 65 E7 83 50
Tue Oct 7 09:08:48.996 <kernel> process1of4: sending replyPacket 135 bytes
Tue Oct 7 09:08:48.996 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:48.997 <kernel> en1: Received EAPOL packet (length = 217)
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: 0 extra bytes present in EAPOL frame.
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: decrypting key data
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: Received message 3 of 4
Tue Oct 7 09:08:48.997 <kernel> process3of4: Performing IE check.
Tue Oct 7 09:08:48.997 <kernel> process3of4: sending replyPacket ( len = 113 ).
Tue Oct 7 09:08:48.997 <kernel> process3of4: received pairwise GTK
Tue Oct 7 09:08:48.997 <kernel> ptkThread: Sleeping!
Tue Oct 7 09:08:48.997 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:48.999 <kernel> ptkThread: Installing PTK!
Tue Oct 7 09:08:48.999 <kernel> PTK:
Tue Oct 7 09:08:48.999 [00000000] 58 DC 8C 88 BF 46 31 43 7F 3D 63 07 BC E4 2D B8
Tue Oct 7 09:08:48.999 <kernel> ptkThread: Installing GTK!
Tue Oct 7 09:08:48.999 <kernel> installGTK: setting cipher key (flags = 0x0)
Tue Oct 7 09:08:49.000 <kernel> RSC:
Tue Oct 7 09:08:49.000 [00000000] 22 0B 1F 01 00 00
Tue Oct 7 09:08:49.000 <kernel> GTK:
Tue Oct 7 09:08:49.000 [00000000] 12 64 92 29 99 8D 4C 8A D2 D5 CC E5 5B CB B7 09 96 6B 53 F9 88 F4 C7 B7 71 72 DD 88 F1 EB
Tue Oct 7 09:08:49.000 [0000001E] 0C FC
Tue Oct 7 09:08:49.000 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessDriverEvent: SSID changed
Tue Oct 7 09:08:49.000 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessDriverEvent: BSSID changed
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.001 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.001 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.028 <airportd[63]> _bsd_80211_event_callback: LINK_QUALITY (en1)
Tue Oct 7 09:08:49.103 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:49.103 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.104 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:49.105 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:49.105 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.109 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.110 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.110 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.111 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.112 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:49.112 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:49.112 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:49.113 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:49.383 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:49.383 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:49.394 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'airportd' (pid 63) ().
Tue Oct 7 09:08:49.395 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:49.512 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'airportd' (pid 63) ().
Tue Oct 7 09:08:49.513 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:49.522 <airportd[63]> _doAssociate: assocError (0)
Tue Oct 7 09:08:49.522 <airportd[63]> matchAndJoinNetworkListAgainstScanResults: successfully associated to “KT_MAC”
Tue Oct 7 09:08:49.527 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:49.527 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.527 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:49.528 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'SystemUIServer' (pid 167) ().
Tue Oct 7 09:08:49.528 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:49.529 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.530 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:49.530 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'SystemUIServer' (pid 167).
Tue Oct 7 09:08:49.530 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:49.532 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:49.532 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:49.532 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to not busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:49.532 <airportd[63]> _updateInterfaceBusySetting: Disabling P2P scan suppress
Tue Oct 7 09:08:49.532 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.534 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/SSID_STR' 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.534 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.535 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: exiting
Tue Oct 7 09:08:52.043 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP' }
Tue Oct 7 09:08:52.043 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP'
Tue Oct 7 09:08:52.043 <airportd[63]> _processDHCPChanges: State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP
Tue Oct 7 09:08:52.043 <airportd[63]> _processDHCPChanges: DHCP airport_changed = 1
Tue Oct 7 09:08:52.044 <airportd[63]> _setDHCPMessage: dhcpInfoKey "State:/Network/Interface/en1/AirPort/DHCP Message" = (null)
Tue Oct 7 09:08:54.695 <kernel> IO80211ScanManager::startScanMultiple: Scan request received from 'SystemUIServer' (pid 167) (2 SSIDs, 0 BSSIDs).
Tue Oct 7 09:08:54.695 <kernel> IO80211ScanManager::startScanMultiple: Initiating scan.
Tue Oct 7 09:08:57.902 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'SystemUIServer' (pid 167).
Tue Oct 7 09:08:57.902 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'locationd' (pid 41) ().
Tue Oct 7 09:08:57.903 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'locationd' (pid 41).
Tue Oct 7 09:08:58.788 <airportd[63]> _SC_callback: Changed keys = { 'Setup:/Network/Interface/en1/AirPort' }
Tue Oct 7 09:08:58.788 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'Setup:/Network/Interface/en1/AirPort'
Tue Oct 7 09:08:58.798 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:58.798 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: AUTOJOIN: Starting for interface en1 in wake context 0.
Tue Oct 7 09:08:58.802 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:58.803 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:58.803 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:58.805 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' 'State:/Network/Interface/en1/AirPort/CHANNEL' 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:58.808 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:58.808 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:58.808 <airportd[63]> _updateInterfaceBusySetting: Enabling P2P scan suppress
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:58.809 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:58.809 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:58.809 <airportd[63]> _doAutoJoin: Wi-Fi supports multiple-directed scans
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:58.809 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:08:58.812 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:58.812 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:58.813 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:58.813 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:58.814 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:58.814 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:58.815 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:58.815 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:58.816 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:58.816 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:58.816 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:58.816 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:58.817 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:58.817 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:58.819 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:58.819 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: exiting
Tue Oct 7 09:08:58.819 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to not busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:58.819 <airportd[63]> _updateInterfaceBusySetting: Disabling P2P scan suppress
Tue Oct 7 09:08:58.819 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:58.819 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' }
Tue Oct 7 09:08:58.819 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:58.995 <airportd[63]> _handleNewMessage: Received XPC message, event = DEBUG_FLAGS_EVENT, pid = 274
Tue Oct 7 09:08:59.037 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:08:59.147 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.

Eventually ended up on the phone with an Apple Engineer through Educational Support. They reported to us there are known issues with some RADIUS connections and didn't have any solutions beyond installing the new version of OS X 10.10 Yosemite
We did install 10.10 on a spare machine and it did appear to solve the issue but was still in beta at the time.

Radius Authentication in ACS 5.2 with AD

Friend,
I have a questión about radius authenticaction with AD, when I log in into the network with user in AD and I make a mistake in password my radius authenticaction event in ACS 5.2 dont show me this logg. only show the authentication succeeded but dont show me the authentication failed. Maybe i must to enable same service to show the authentiaction failed. The Voice authetication works fine..
This is the confg in the port of the switch:
interface FastEthernet0/12
switchport mode access
switchport access vlan 2
switchport voice vlan 10
authentication port-control auto
authentication host-mode multi-domain
authentication violation protect
authentication event fail action authorize vlan 11
authentication event fail retry 2 action authorize vlan 11
authentication event no-response action authorize vlan 11
authentication periodic
authentication timer reauthenticate 60
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 3
spanning-tree portfast
end
Vlan 2: DATA
Vlan 10: VOICE
Vlan 11: GUEST
thank...
Marco

Hi Marco,
When you type in the wrong password do you see the login fail on the device you entered it? Depending on how you have configured fallback mechanisms on ACS, an attempt can still be permited eventhough the authentication failed.
It would be best to take a look at the authentication steps under the RADIUS authentication log for an attempt you beleive should have failed to see what ACS is doing with the request.
Steve.

802.1x RADIUS authentication problem with Cat 2950 to CiscoSecure ACS 3.3

I wondered if anyone can help or shed any light on the following problem.
I am getting an authentication error when doing a RADIUS authentication to CiscoSecure ACS 3.3 running on a Windows 2003 server, the authentication request is coming from a Catalyst 2950 switch which is doing 802.1x for Windows XP clients. This problem only happens when the XP client connects to 2950 switches, Cat 3550s and 3560s work fine.
The Cat2950 is running 12.1.20 (EA1) which is more or less the latest IOS.
The error I get from ACS 3.3 is "Invalid message authenticator in EAP request" when the 2950 tries to authenticate an XP client for 802.1x to the ACS server using RADIUS.
Doing a RADIUS and 802.1x debug on the 2950 I see a message about 'Unknown EAP type', I am using PEAP on the XP client doing EAP-MS-CHAPv2 authentication, the same XP client authenticates fine with 3550 and 3560 switches problem only affects 2950s. Can anyone confirm the 2950 supports EAP-MS-CHAPv2?
I have checked and re-checked the shared secret and it definitely matches on 2950 and ACS.
One thing I noticed in the RADIUS debug is the 2950 sends 18 bytes for attribute 79 when the RFC defines attribute 79 should be 3 bytes or less, I don't know if this is related to the problem or is correct behaviour.

Hi, I am new with 802.1x, and was hoping that someone would help with these queries:
1. How is a certificate requested without being allowed on a network that is not authenticated with 802.1x. I had to first connect to an active network, retrieve a certificate with the proper username and password, and then physically connect to the port on the 2950 switch which was enabled to do 802.1x
2. My config is as below:
aaa new-model
aaa authentication dot1x default group radius
aaa authenication login default group radius
dot1x system-auth-control
interface f0/1
switchport mode access
dot1x port-control auto
end
I able to login using the radius server, so radius is working (on ports other than f1/0). However when connecting to f1/0, the port on the 2950 remains blocked.
3. The certificate is issued by the ca server, is viewable via Internet explorer,and is issued to the correct username which is on the active directory.
I even tried using local authenication with 802.1x, this did not work
4. If I have a certificate, will this automatically give me access to the 802.1x port?
5. I have windows 2000, and authenication is set to 'Smart Card or other certificate.
Am I missing anything?
Any advise will be greatly appreciated
Chris

NAC guest server with RADIUS authentication for guests issue.

Hi all,
We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
-----START QUOTE-----
Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
•Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
•Self Service—This option allows guest self service. After selection proceed to Step 8.
•Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
----- END QUOTE-----
Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
Regards
Kevin Woodhouse

Well I will try to answer your 2nd questions.... will it work... yes. It is like any other radius server (high end:)) But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD. Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right. Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that. That is my opinion.

Radius authentication for privileged access

Hello,
          I have configured Cisco 6513 for radius authentication with following commands.
aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911
line vty 0 4
accounting exec acctradius
login authentication authradius
     This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.
     I am using TeKRadius as Radius server.
     Please help.
Thanks and Regards,
Pratik

Hi Pratik
Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.
You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.
There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.
Nick
Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.

Integrating RADIUS authentication with JAAS ???

Hi,
I have username/password JAAS authentication in my application.
Now I have to support RADIUS authentication on top of the existing username/password authenticaiton.
I am in the process of defining a login module for RADIUS.
Is there any opensource login module existing for RADIUS ??
After defining the RADIUS login module where to configure the multiple authentication policies ??
Thanks,
Dyanesh.

This sample configuration shows how to set up a remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 Series Security Appliance 7.x using a Cisco Secure Access Control Server (ACS version 3.2) for extended authentication (Xauth).
http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

Double radius authentication

Hello everybody,
I'm having a problem with the radius authentication. I've set one radius authentication for my clients with the 802.1x, and it works fine. I use the NPS feature of Windows server 2008 as a radius server. I've set a radius wlient with a shared key, see ScreenShot001.png. In the network strategy I've set two strategies, one for the authentication wpa for the wifi clients and another for the administrators to set up the ap. See
ScreenShot002.png for the client's strategy and ScreenShot003.png for the admin's strategy.
The clients can connect the to the wifi with their AD account without any problem, but I cannot set up the ap with ssh nor with telnet, it denies me, and I don't understand why.
Here are the commands I've used :
aaa group server radius Auth_SSH
server 172.16.102.1 auth-port 1645 acct-port 1646
aaa authentication login Auth_SSH group radius local
line vty 0 4
login authentication Auth_SSH
transport input ssh
The same configuration works fine on my switches and routers, but here it doesn't work.
You'll find the complete configuration below.
Thank you in advance for the help.
Current configuration : 3027 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname AP!enable secret 5 xxxx!aaa new-model!!aaa group server radius rad_eap server 172.16.102.1 auth-port 1645 acct-port 1646!aaa group server radius rad_mac!aaa group server radius rad_acct!aaa group server radius rad_admin!aaa group server tacacs+ tac_admin!aaa group server radius rad_pmip!aaa group server radius dummy!aaa group server radius rad_eap1 server 172.16.102.1 auth-port 1645 acct-port 1646!aaa group server radius Auth_SSH server 172.16.102.1 auth-port 1645 acct-port 1646!aaa authentication login eap_methods group rad_eapaaa authentication login mac_methods localaaa authentication login eap_methods1 group rad_eap1aaa authentication login Auth_SSH group radius localaaa authorization exec default localaaa accounting network acct_methods start-stop group rad_acct!aaa session-id commonip domain name xxxxx.comip name-server 4.2.2.2no ip dhcp use vrf connectedip dhcp excluded-address 172.16.107.250 172.16.107.254!ip dhcp pool POOL_WiFi network 172.16.107.0 255.255.255.0 default-router 172.16.107.254 dns-server 208.67.220.220 208.67.222.222!!dot11 syslog!dot11 ssid SC_WIFI authentication open eap eap_methods1 authentication network-eap eap_methods1 authentication key-management wpa version 2 guest-mode!!!username admin password 7 xxxxx!!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid SC_WIFI ! station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid SC_WIFI ! no dfs band block channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface FastEthernet0 ip address 172.16.107.250 255.255.255.0 no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 172.16.107.251 255.255.255.0 no ip route-cache!ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagip radius source-interface BVI1radius-server attribute 32 include-in-access-req format %hradius-server host 172.16.102.1 auth-port 1645 acct-port 1646 key 7 xxxradius-server vsa send accountingradius-server vsa send authenticationbridge 1 route ip!!!line con 0line vty 0 4 login authentication Auth_SSH transport input sshline vty 5 15 login authentication Auth_SSH transport input ssh!end

I think you should concider changing:
aaa authentication login Auth_SSH group radius local
to:
aaa authentication login Auth_SSH group Auth_SSH local
Also maybe you should move the shared key from the "radius-server host 172.16.102.1 auth-port 1645 acct-port 1646 key 7 ..." command into the "aaa group server radius Auth_SSH" set of commands.
Kind regards,
Harris

Can not do radius authentication via WLC 4400... Please help!

Hey,
I am configuring an old WLC4400 with V4.2.130.0. I added a new sub-interface for VLAN 50 with proper IP for the subnet and then add the Radius server(Windows server 2008 with NPS) onto WLC4400. I then created new WLAN with WPA+WPA2 Encryption and 802.1x key management and selected the Radius server under AAA for authentication.
Configured the test XP with WPA-Enterprise and PEAP as EAP method. I purposely configured computer to prompt for username and password.
When I try to connect, I did get prompt for username and password. However after that nothing happens. It seems like laptop just keep trying to authenticate.
I checked windows event log and do not see anything under NPS. I know this windows server NPS setup works as it is also the authentication server for our remotevpn.
So my question: is there any special option I need to turn on for WLC in order for Radius authentication work? Or is there any known bug with V4.2.130 (I searched bug toolkit but did not see anything).
Any suggestion is appeciated!
Thanks,
/S

Configuration
Open Network Connections by clicking on the Windows Start button, right-clicking on My Network Places, Properties, or Start > Control Panel then double-click on Network Connections.
Right-click on your wireless network adaptor and choose Properties.
Note: If your wireless connection is part of a Network Bridge you must remove it from the Bridge before continuing.
Click on the Wireless Networks tab at the top of this dialog box.
In the Preferred Networks section click Add...
Enter "Imperial-WPA" as the Network Name (ssid). Note: this is case-sensitive.
Either select WPA2 for Network Authentication: and AES for Data Encryption:
or select WPA for Network Authentication: and TKIP for Data Encryption:
(WPA2 + AES is more secure)
Check that the This is a computer-to-computer (adhoc) network check-box is not ticked.
Then click on the Authentication tab at the top of this dialog-box.
For EAP type: select Protected EAP (PEAP).
Check that the Authenticate as computer... and Authenticate as guest... check boxes are not checked.
Then click on the Properties button.
Then click on Configure...
Un-tick the Automatically use my Windows logon name... check box.
Click OK, then click OK on the previous two dialog boxes to exit.
First connection
Once you are within range of the wireless network a balloon should appear on the task bar prompting you for credentials.
Click on this balloon and you will be prompted for your logon credentials
Enter your college username, password and "IC" for the Logon domain. Then click on OK.
You should also be prompted to accept the server certificate.
Note: If you change your college password at any time you will be prompted to enter your new password when you next connect to the network.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

ACS 5.3 Radius authentication with ASA and DACL

Hi,
I am trying to do Radius authentication on the ACS 5.3 for VPN access (cisco client) using a downloadable ACL with AD identity
Clients are connecting to an ASA 5510 with image asa843-K8.bin
I followed the configuration example on the Cisco site, but I am having some problems
First : AD identity is not triggered, I put a profile :
Status
Name
Conditions
Results
Hit Count
NDG:Location
Time And Date
AD1:memberOf
Authorization Profiles
1
TestVPNDACL
-ANY-
-ANY-
equals Network Admin
TEST DACL
0
But if I am getting no hits on it, Default Access is being used (Permit Access)
So I tried putting the DACL in the default profile, but when connecting I am immediately disconnected.
I can see the DACL/ASA being authenticated in the ACS log but no success
I am using my user which is member of the Network Admin Group.
Am I missing something?
Any help greatly appreciated!
Wim

Hello Stephen,
As per the IP Pools feature, the ACS 5.x does not include such functionality. It is not on the ACS 5.x roadmap either as the recommended scenario would be to use a dedicated DHCP server.
ACS 4.x included that functionality, however, it was not the best solution as the ACS returned the IP Address value as a RADIUS Attribute instead of acting as a real DCHP server.
As per the IMEI and MISDN I am assuming you are referring to International Mobile Equipment Identity and Mobile Subscriber ISDN. Correct me if I am wrong.
In that case it seems that the ACS 5.x should be able to Allow or Deny access based on Radius Attribute 30 (Called-Station-Id) and 31 (Calling-Station-Id).
In that case you might want to use the End-Station Filters feature and use it as the condition for the Rule. The End-Station Filter feature uses CLI/DNIS where CLI is Radius Attribute 31 and DNIS is Attribute 30.
I am assuming a Generic Username will be embedded on the devices request. In that case you will define which end-user devices will be granted access based on the above attributes.
Here is a snapshot of the section:

ASA , Cisco VPN client with RADIUS authentication

Hi,
I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
Thank you.
Kind regards,
Alex

Hi Alex,
It is working as it should.
You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
thanks
John

VPN 3000 and Radius authentication/authorization

hello.
I have to configure RADIUS authentication
with a VPN 3000 concentrator.
I'm completely new with this product
(the concentrator).
It seems that, if I want to perform authentication
of username and password with Radius, then I also have to download the entire VPN configuration from the same Radius, using the attibute set loaded with the appropriate dictionary.
am I rigth with this supposition?
I mean: should be possible to authenticate only an username and password externally on RADIUS, while continuing to mantain the user (or group) VPN configuration locally in the concentrator?
thank you.
Davide

No, downloading the entire VPN configuration from the RADIUS server is not necessary. If you are new to configuring VPN's on concentrators or the Concentrator iself, having a look at the support page will be agood idea. It is accessible at http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:Cisco_VPN_3000_Concentrator

Local Radius Authentication - Fails

Hello all,
Access Point 1230AG (c1200-k9w7-mx.123-2.JA)
Client Adapter ABG (PCI)
I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:
test aaa group radius xxxxx port 1812 new-code
although the password is matching..........
another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:
radius-server local
user dgarnett password xxxx
when i do a 'show run' it displays as
user xxxx
I also get the following during a debug:
There is no RADIUS DB Some Radius attributes may not be stored
any help greatly appreciated
ap#test aaa group radius dgarnett 123456789 port 1812 new-code
Trying to authenticate with Servergroup radius
User rejected
ap#
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): sending
Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64
Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6
Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *
Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"
Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]
Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14
Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"
Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed
Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88
Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26
Feb 19 20:57:44.538: RADIUS: State [24] 50
Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]
Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *
Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14
Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use
Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored

Just as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.

Radius authentication with ISE - wrong IP address

Hello,
We are using ISE for radius authentication. I have setup a new Cisco switch stack at one of our locations and setup the network device in ISE. Unfortunately, when trying to authenticate, the ISE logs show a failure of "Could not locate Network Device or AAA Client" The reason for this failure is the log shows it's coming from the wrong IP address. The IP address of the switch is 10.xxx.aaa.241, but the logs show it is 10.xxx.aaa.243. I have removed and re-added the radius configs on both ISE and the switch, but it still comes in as .243. There is another switch stack at that location (same model, IOS etc), that works properly.
The radius config on the switch:
aaa new-model
aaa authentication login default local
aaa authentication login Comm group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
ip radius source-interface Vlanyy
radius server 10.xxx.yyy.zzz
address ipv4 10.xxx.yyy.zzz auth-port 1812 acct-port 1813
key 7 abcdefg
The log from ISE:
Overview
Event 5405 RADIUS Request dropped
Username
Endpoint Id
Endpoint Profile
Authorization Profile
Authentication Details
Source Timestamp 2014-07-30 08:48:51.923
Received Timestamp 2014-07-30 08:48:51.923
Policy Server ise
Event 5405 RADIUS Request dropped
Failure Reason 11007 Could not locate Network Device or AAA Client
Resolution Verify whether the Network Device or AAA client is configured in: Administration > Network Resources > Network Devices
Root cause Could not find the network device or the AAA Client while accessing NAS by IP during authentication.
Username
User Type
Endpoint Id
Endpoint Profile
IP Address
Identity Store
Identity Group
Audit Session Id
Authentication Method
Authentication Protocol
Service Type
Network Device
Device Type
Location
NAS IP Address 10.xxx.aaa.243
NAS Port Id tty2
NAS Port Type Virtual
Authorization Profile
Posture Status
Security Group
Response Time
Other Attributes
ConfigVersionId 107
Device Port 1645
DestinationPort 1812
Protocol Radius
NAS-Port 2
AcsSessionID ise1/186896437/1172639
Device IP Address 10.xxx.aaa.243
CiscoAVPair
   Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11007 Could not locate Network Device or AAA Client
5405
As a test, I setup a device using the .243 address. While ISE claims it authenticates, it really doesn't. I have to use my local account to access the device.
Any advice on how to resolve this issue would be appreciated. Please let me know if more information is needed.

Well from the debug I would say there may be an issue with the addressing of the radius server on the switch.
radius-server host 10.xxx.xxx.xxx key******** <--- Make sure this address and Key matches what you have in ISE PSN and that switch. Watch for spaces in your key at the begining or end of the string.
What interface should your switch be sending the radius request?
ip radius source-interface VlanXXX vrf default
Here is what my debug looks like when it is working correctly.
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265): ask "Password: "
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265):Orig. component type = EXEC
Aug 4 15:58:47 EST: RADIUS(00000265): Config NAS IP: 10.xxx.xxx.251
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265): acct_session_id: 613
Aug 4 15:58:47 EST: RADIUS(00000265): sending
Aug 4 15:58:47 EST: RADIUS(00000265): Send Access-Request to 10.xxx.xxx.35:1645 id 1645/110, len 104
Aug 4 15:58:47 EST: RADIUS: authenticator 97 FB CF 13 2E 6F 62 5D - 5B 10 1B BD BA EB C9 E3
Aug 4 15:58:47 EST: RADIUS: User-Name           [1]   9   "admin"
Aug 4 15:58:47 EST: RADIUS: Reply-Message       [18] 12
Aug 4 15:58:47 EST: RADIUS:   50 61 73 73 77 6F 72 64 3A 20        [ Password: ]
Aug 4 15:58:47 EST: RADIUS: User-Password       [2]   18 *
Aug 4 15:58:47 EST: RADIUS: NAS-Port            [5]   6   3
Aug 4 15:58:47 EST: RADIUS: NAS-Port-Id         [87] 6   "tty3"
Aug 4 15:58:47 EST: RADIUS: NAS-Port-Type       [61] 6   Virtual                   [5]
Aug 4 15:58:47 EST: RADIUS: Calling-Station-Id [31] 15 "10.xxx.xxx.100"
Aug 4 15:58:47 EST: RADIUS: Service-Type        [6]   6   Login                     [1]
Aug 4 15:58:47 EST: RADIUS: NAS-IP-Address      [4]   6   10.xxx.xxx.251
Aug 4 15:58:47 EST: RADIUS(00000265): Started 5 sec timeout
Aug 4 15:58:47 EST: RADIUS: Received from id 1645/110 10.xxx.xxx.35:1645, Access-Accept, len 127
Aug 4 15:58:47 EST: RADIUS: authenticator 1B 98 AB 4F B1 F4 81 41 - 3D E1 E9 DB 33 52 54 C1
Aug 4 15:58:47 EST: RADIUS: User-Name           [1]   9   "admin"
Aug 4 15:58:47 EST: RADIUS: State               [24] 40
Aug 4 15:58:47 EST: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61 [ReauthSession:0a]
Aug 4 15:58:47 EST: RADIUS:   30 63 66 65 32 33 30 30 30 31 46 37 30 37 35 33 [0cfe230001F70753]
Aug 4 15:58:47 EST: RADIUS:   44 46 45 35 46 37            [ DFE5F7]
Aug 4 15:58:47 EST: RADIUS: Class               [25] 58
Aug 4 15:58:47 EST: RADIUS:   43 41 43 53 3A 30 61 30 63 66 65 32 33 30 30 30 [CACS:0a0cfe23000]
Aug 4 15:58:47 EST: RADIUS:   31 46 37 30 37 35 33 44 46 45 35 46 37 3A 50 52 [1F70753DFE5F7:PR]
Aug 4 15:58:47 EST: RADIUS:   59 49 53 45 30 30 32 2F 31 39 33 37 39 34 36 39 [YISE002/19379469]
Aug 4 15:58:47 EST: RADIUS:   38 2F 32 30 36 33 31 36          [ 8/206316]
Aug 4 15:58:47 EST: RADIUS(00000265): Received from id 1645/110
---------------------------------------------------------------------------------------------------------------This is after I added the incorrect Radius server address.
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268): ask "Password: "
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268):Orig. component type = EXEC
Aug 4 16:05:19 EST: RADIUS(00000268): Config NAS IP: 10.xxx.xxx.251
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268): acct_session_id: 616
Aug 4 16:05:19 EST: RADIUS(00000268): sending
Aug 4 16:05:19 EST: RADIUS(00000268): Send Access-Request to 10.xxx.xxx.55:1645 id 1645/112, len 104
Aug 4 16:05:19 EST: RADIUS: authenticator FC 94 BA 5D 75 1F 84 08 - E0 56 05 3A 7F BC FB BB
Aug 4 16:05:19 EST: RADIUS: User-Name           [1]   9   "admin"
Aug 4 16:05:19 EST: RADIUS: Reply-Message       [18] 12
Aug 4 16:05:19 EST: RADIUS:   50 61 73 73 77 6F 72 64 3A 20        [ Password: ]
Aug 4 16:05:19 EST: RADIUS: User-Password       [2]   18 *
Aug 4 16:05:19 EST: RADIUS: NAS-Port            [5]   6   7
Aug 4 16:05:19 EST: RADIUS: NAS-Port-Id         [87] 6   "tty7"
Aug 4 16:05:19 EST: RADIUS: NAS-Port-Type       [61] 6   Virtual                   [5]
Aug 4 16:05:19 EST: RADIUS: Calling-Station-Id [31] 15 "10.xxx.xxx.100"
Aug 4 16:05:19 EST: RADIUS: Service-Type        [6]   6   Login                     [1]
Aug 4 16:05:19 EST: RADIUS: NAS-IP-Address      [4]   6   10.xxx.xxx.251
Aug 4 16:05:19 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:23 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:23 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:23 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:29 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:29 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:29 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:33 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:33 EST: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.xxx.xxx.55:1645,1646 is not responding.
Aug 4 16:05:33 EST: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.xxx.xxx.55:1645,1646 is being marked alive.
Aug 4 16:05:33 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:33 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:38 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:38 EST: RADIUS: Fail-over to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:38 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:43 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:43 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:43 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:48 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:48 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:48 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:53 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:53 EST: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.xxx.xxx.55:1645,1646 is not responding.
Aug 4 16:05:53 EST: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.xxx.xxx.55:1645,1646 is being marked alive.
Aug 4 16:05:53 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:53 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:57 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:57 EST: RADIUS: No response from (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:57 EST: RADIUS/DECODE: parse response no app start; FAIL
Aug 4 16:05:57 EST: RADIUS/DECODE: parse response; FAIL
This is a default template I use for all my devices routers or switches hope it helps. I have two PSN's that is why we have two radius-server host commands..
aaa authentication login vty group radius local enable
aaa authentication login con group radius local enable
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting system default start-stop group radius
ip radius source-interface VlanXXX vrf default
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key *********
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key *********
radius-server vsa send accounting
radius-server vsa send authentication
You can use this in the switch to test radius
test aaa group radius server 10.xxx.xxx.xxx <username> <password>

BBSM and RADIUS Authenticated Session Limits

I have setup a BBSM System with RADIUS authentication, the authentication traffic is passed to a seperate RSA Box to authenticate user using fobs and everything works fine.
My question is how do I limited the time a user can have a onnection to the BBSM without having to re-authentication

If you are using the 'Access Code' pageset, when the 'Stop Date and Time' of the Access
Code is reached, all currently connected users who have used that Access Code, are
disconnected.
When you define an Access Code, you define a 'Start Date and Time' and a 'Stop Date and
Time' for the Access Code. All users who have Connected by using that Access Code will be disconnected when that Date/Time is reached.
Please refer to
http://www.cisco.com/en/US/products/sw/netmgtsw/ps533/products_user_guide_ch
apter09186a0080192294.html#1038530
for more information on Access Codes.
HTH,
-Joe

Controlling Radius authentication

Similar Messages

Maybe you are looking for