Eap-fast and cckm

Is it possible to use eap-fast authentication with CCKM on 7920 phone with WLC.
It is working when configuring 802.1x and wep 104 bits on controller but it does not work with wpa1+wpa2.

If the client doesn't have a PAC and automatic PAC provisioning is enabled on the ACS, then the first authentication attempt will result in a failure, which is the session where the client will receive the PAC. The 7920 only supports automatic PAC provisioning. The default PAC settings should be ok, but may want to decrease or increase based on company's security policy. Also with CCKM, this will help when roaming with an expired PAC, otherwise there will be a 20 second gap in voice when roaming with an expired PAC, where a new PAC will need to be obtained.

Similar Messages

  • Cisco ISE with EAP-FAST and PAC provisioning

    Hi,
    I have search with no result on this topic. So, Does anyone have implemented Cisco ISE authentication with EAP-FAST and PAC provisioning ?
    Since I have an issue with internal proxy, user required to authenticate with an internal proxy before granting access to the internet.
    If you have any documents, it would be appreciated for me.
    Thanks,
    Pongsatorn

    From what I understand a Internet proxy PAC and a eap-fast PAC are two different purposes.
    Is that what you are trying to get clarification on.
    Basically eap fast PAC provisioning is a PAC that s provisioned when a client authenticates successfully. The client provides this PAC for network authentication and not proxy authentication.
    Sent from Cisco Technical Support iPad App

  • EAP Authentication Configuration for EAP-FAST and PEAP

    Hi Everyone,
    I pretty much got EAP working, however using LEAP 
    When I get to EAP-FAST and PEAP, I just can't seem to get it to work
    What am I missing, I do know that EAP-FAST and PEAP involve certificates. However, how do i set them up on the client side?
    Hope you guys can help me on this, stuck on this part xD

    EAP is a complicated subject for sure. But it shouldn't be really once you know the foundation. 
    EAP-PEAP can use server side and client side and EAP-FAST can as well. It all depends how its deployed. 
    Generally speaking, most deployments of PEAP use server side only and EAP-FAST uses PACS only.
    The cert that you install on the radius server for PEAP is passed to the wireless supplicant and is used by the supplicant to hash the logon and password from the user. This hash is passed back to the radius server who has the private key who can decode the hash and pass the user ID and password  back to AD for example. 
    Hope this helps .. 

  • Eap-fast and CWWLSE-1030

    HI,
    I configure a Wireless Lan with 3 AP1131G-E-k9 and a radius serveur CWWLSE and Eap-Fast AND WPA2
    All seem's to be OK but some Laptop are obliged to re-authenticate several time a day ?
    Anybody has a idee if thre is a timer or
    others paramatter I should do set ?
    Thanks for your Help

    I recently ran into this issue. What I found although not that technical....if the user is prompted for the PAC and does not accept, I had a hard time getting them to authenticate afterwards. I was able to remove the user from the AAA server and once I added them back in they were able to authenticate with no issues. Again this is a very basic finding  and I have not had time to test my theory. I believe it has someting to do with the way AAA caches the user account, perhaps there is a denial of service or time-wait before the next login attempt is permitted. If you are using AD and not local accounts use the option, on the Radius server to Remove Dynamic Users.
    hardware userd Version 7.0...5508 WLC, 3500i AP's, WCS, MSE, Cisco ACS/Radius 4.2 WPA2, 802.1x, EAP-FAST

  • NAC-L2-802.1x (EAP-FAST) and Cisco Secure Services Client 5.0 in wired net

    Hi!
    (Sorry, if this is a wrong forum.)
    Does anybody have any success with Cisco SSC and EAP-FAST in the wired network?
    I'm going to use NAC, so I'm trying to set up EAP-FAST. I see the pop-up window on the client to enter user credentials and I see a lot of "debug radius" messages on my 3750 12.2(44)SE switch:
    Access-Requests with User-Name="anonymous"
    Access-Challenges (I see certificate is sent from ACS)
    Access-Reject
    CS ACS Failed Attempts Report shows "ACS user unknown" failure for "anonymous".
    So far as I understood, EAP-FAST is a tunneled method and it uses "anonymous" to protect user's identity during phase 0 / phase 1 transactions. The actual username is sent in phase 2 transaction.
    The following is excerpt from the CS ACS documentation:
    "EAP-FAST can protect the username in all EAP-FAST transactions. ACS does not perform user authentication based on a username that is presented in phase one; however, whether the username is protected during phase one depends on the end-user client. If the end-user client does not send the real username in phase one, the username is protected. The Cisco Aironet EAP-FAST client protects the username in phase one by sending FAST_MAC address in place of the username. After phase one of EAP-FAST, all data is encrypted, including username information that is usually sent in clear text."
    SSC 5.0 is indeed set up with "Unprotected Identity Pattern"=anonymous and "Protected Identity Pattern"=[username] using sscManagementUtility.exe
    So, the question is: Why is ACS 4.1 trying to authenticate username "anonymous" if it knows that the user is fake? Does anybody have working configuaration for EAP-FAST in a wired network?
    Any help is greatly appreciated.

    Correct, ACS database wasn't selected on the NAP Authentication page. It works now, but I constantly get the following message in the Windows event log: "The Cisco Secure Services Client service hung on starting". This is Windows 2000 Advanced Server system with SP4. SSC was set up with no domain authentication, no machine authentication, single sign-on. After some time the SSC service starts, but at that time my PC is already put into the guest VLAN by the switch (the tx-period is 10 seconds):
    POD1-SW#sh run int fa1/0/1
    Building configuration...
    Current configuration : 378 bytes
    interface FastEthernet1/0/1
    switchport access vlan 999
    switchport mode access
    dot1x mac-auth-bypass
    dot1x pae authenticator
    dot1x port-control auto
    dot1x timeout reauth-period server
    dot1x timeout tx-period 10
    dot1x reauthentication
    dot1x critical
    dot1x critical recovery action reinitialize
    dot1x guest-vlan 91
    dot1x critical vlan 11
    spanning-tree portfast
    end
    After all the VLAN is reassigned by the switch, but the delay is too high. How can I troubleshoot this?
    Thx.

  • EAP-Fast and Cisco 340 Adapters

    Does anyone know if the 340 adapters support EAP-Fast? The docs that I have looked at talk about 350 adapters... I thought the only difference between 340 and 350's was the anntena.

    Based on this document seems like its supported,
    http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_installation_and_configuration_guide_chapter09186a0080204ae1

  • ACS EAP-FAST and LEAP restrictions. regarding 7920 wireless phones

    Hello, The 7920 still doesn´t support EAP-FAST. So I´m wondering if it is possible to restcrict EAP-FAST users from turning LEAP on. Is there a way in ACS to do that ?

    Hi
    Kristjan's question above is a good one - I'm looking for a similar answer...
    I.e. can I add all my 7920 handset usernames to a group, and only allow these to do LEAP?
    Also can I restrict LEAP users to a set of pre-defined MAC addresses?
    Thanks
    Aaron

  • EAP-FAST with local radius on 1242AG

    I'm trying to get EAP-FAST working using the local radius server on a 1242AG autonomous AP using the latest firmware from Cisco. The cypher I'm using is CCMP. LEAP works fine with all my clients, however if I move to EAP-FAST in the radius config my clients fail to authenticate
    I know I need to set PAC to automatic somewhere, but the EAP-FAST configuration in the 1242AG GUI doesn't make this clear what to do.
    Any help or a basic example you be great.
    thanks,
    Simon

    I think this is what you're looking for;
    Local EAP Authentication on the Wireless LAN Controller with EAP-FAST and LDAP Server Configuration Example
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
    HTH
    Regards,
    Jatin
    Do rate helpful posts~

  • EAP-FAST Security level

    Hi all,
    I use EAP-FAST in my network and I have some questions about it.
    1) is there any vulnerability detected with EAP-FAST?
    2) Can I restrict the establishment two or more simultaneous sessions using the same account and same PAC? how
    3) Can I use EAP-FAST with MAC address filtering through ACS?
    4) What is the level of security provided by EAP-FAST? is there technology more security than EAP-FAST?
    Thanks for your reply.
    Thanks.

    1)
    Everything should be fine with EAP-FAST but you should take into consideration some issues when your clients are being provisioned their PACs through inband PAC provisioning.
    What will happen? see
    The in-band provisioning mode  operates inside a TLS tunnel raised by Anonymous DH or Authenticated DH  or RSA algorithm for key agreement.
    To minimize the risk of exposing the user's credentials, a clear text  password should not be used outside of the protected tunnel. Therefore,  EAP-MSCHAPv2 or EAP-GTC are used to authenticate the user's credentials  within the protected tunnel. The information contained in the PAC is  also available for further authentication sessions after the inner EAP  method has completed.
    Automatic In-Band PAC Provisioning, which is the  same as EAP-FAST phase zero, sends a new PAC to an end-user client over a  secured network connection. Automatic In-Band PAC Provisioning requires  no intervention of the network user or an ACS administrator, provided  that you configure ACS and the end-user client to support Automatic  In-Band PAC Provisioning.
    In general, phase zero of EAP-FAST does not authorize network access. In  this general case, after the client has successfully performed phase  zero PAC provisioning, the client must send a new EAP-FAST request in  order to begin a new round of phase one tunnel establishment, followed  by phase two authentication.
    However, if you choose the Accept Client on Authenticated Provisioning  option, ACS sends a RADIUS Access-Accept (that contains an EAP Success)  at the end of a successful phase zero PAC provisioning, and the client  is not forced to reauthenticate again. This option can be enabled only  when the Allow Authenticated In-Band PAC Provisioning option is also  enabled.
    Because transmission of PACs in phase zero is secured by MSCHAPv2  authentication, when MSCHAPv2 is vulnerable to dictionary attacks, we  recommend that you limit use of Automatic In-Band PAC Provisioning to  initial deployment of EAP-FAST.
    After a large EAP-FAST deployment, PAC provisioning should be done manually to ensure the highest security for PACs.
    EAP-FAST has been enhanced to support an authenticated tunnel (by using  the server certificate) inside which PAC provisioning occurs. The new  cipher suites that are enhancements to EAP-FAST, and specifically the  server certificate, are used.
    2) Max user sessions
    3)Yes
    4)PEAP ( EAP TLS )
    Side note:
    EAP FAST is now supported on Micrsofot supplicants , so yeah it should work with third party supplicants
    Please make sure to rate correct answers and rate the thread as answered

  • EAP-FAST, local Authentication and PAC provisioning

    Hi everybody,
    I have a litte understanding problem with the deployment of EAP-FAST.
    So here's the deal:
    I want to the deploy EAP-FAST with autonomous APs with an ACS as Authentication server. So far so good.
    When the ACS is not reachable, the autonomous AP should act as local Authenticator for the clients as backup. Is this possible when doing manual PAC provisioning? I guess not, because the PAC master key is not synced between ACS and the AP local Authenticator.
    Would automatic PAC provisioning resolve that issue? If the ACS server fails, the local Authenticator AP will create new PACs for the clients, right?
    But - I have doubts regarding automatic provisioning of PACs. From my understanding the Phase-0 is just performed in MS-CHAPv2, which is dictionary attackable. Furthermore a MITM attack could be possible during phase-0.
    Would server sided certificates resolve my concerns here?
    I would prefer PEAP, but the autonomous APs don't support this EAP type as local authenticator method, right?
    Btw. .... is there any good document regarding FAST on CCO? I couldn't find anything. The Q&A page is just scratching the surface. The best document I could find so far is the ACS user configuration page. But I'm not 100% happy with this. Is there some kind of EAP-FAST deployment guide out there? I need best practices regarding PAC provisioning and so on :-)
    Thanks in advance!

    From what I understand a Internet proxy PAC and a eap-fast PAC are two different purposes.
    Is that what you are trying to get clarification on.
    Basically eap fast PAC provisioning is a PAC that s provisioned when a client authenticates successfully. The client provides this PAC for network authentication and not proxy authentication.
    Sent from Cisco Technical Support iPad App

  • EAP-TLS and EAP-FAST

    Hi NetPro.
    EAP-TLS is working now, but how to configure EAP-FAST as the backup in case TLS is failure then user still able to use FAST as the second choice ?
    your reply will be highly appreciated.
    thanks heaps.
    Jack

    All you really need to do is enabled EAP-FAST on the Radius server. If you are running a controller environment there isn't any changes on the controller needed. If you are running autonomous make sure you have both "authentication open..." and "authentication network-eap..." configured under the SSID. They only thing that would need to be changed would be the client. You could setup two profiles, one for TLS and the other for EAP-FAST.

  • Other LEAP upgrade options besides PEAP and EAP-FAST?

    Currently I'm using LEAP for authentication on my AP's at roughly 200 remote locations, with about 6 AP's per site. These are performing local Radius authentication on the AP's themselves. We are using non-dictionary passwords, so I'm not too worried about a ASLEAP attack. However, I've been asked to look into other alternatives besides LEAP for security.
    Here's the problem.... there is no way my company will pay for a Radius server at each individual location. As both PEAP and EAP-FAST seem to require an actual Radius server as opposed to an AP acting as one, to use either means authentication would have to happen back to the central office servers over our WAN. That is going to generate an unacceptable amount of WAN traffic, as well as leave us stranded should the WAN connection go down, as happens to at least one site once a week or so. Do I have any other options, are are they superior to my current LEAP setup?

    A comparable system might be to use WPA - PSK (Pre-Shared Key) w/ TKIP.
    TKIP will keep the key rotation, and if you start with a strong PSK, you should be OK. WPA - PSK doesn't need a RADIUS server or certificates to work.
    Pre-shared keys could conceivably be defeated by a brute force attack, but you can control that aspect somewhat with a lockout after X number of failed attempts.
    You could also toss on some MAC filtering but, depending on your user base, it can be an administrative nightmare.
    If all of your remote sites are tied back to your home network, you could try a central RADIUS, and local Certificate Authority (both can be on an existing WIN2K or better server) at the home office, then use the remote RADIUS on the AP to proxy the requests back to the home office.
    There are a couple approaches depending on your specific environment. Without a CA and RADIUS server (that supports certificates - I don't think the AP RADIUS does), your options are fairly limited. LEAP and WPA-PSK are probably as good as you're like to get.
    Good Luck
    Scott

  • WGB and EAP-FAST

    I try to authenticate a 1300 Worgroup bridge with EAP-FAST.
    Using ACS 3.3(2) Build 2 and 1231 AP's with WDS.
    Is there anyone who has tried this configuration. Ordinary wireless clients are OK.

    Hi,
    a workgroup bridge support only LEAP als EAP Client for EAP authentication.
    You have no option to integrate a PAC File to the device in workgroup bridge mode.
    Look at this link:
    http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_chapter09186a00804158b3.html#wp1055422

  • Lans/Catalyst and EAP-FAST?

    I'd like to use EAP-FAST for both my 802.11 wireless and my lan network.
    However the only EAP-FAST client I have seen is the ACU for the Aironet products, nothing for the Catalyst (am I missing something?)
    Any plans for Ethernet adapter software that does EAP-FAST? I primary use Windows XP-SP2 in my lan.

    All you really need to do is enabled EAP-FAST on the Radius server. If you are running a controller environment there isn't any changes on the controller needed. If you are running autonomous make sure you have both "authentication open..." and "authentication network-eap..." configured under the SSID. They only thing that would need to be changed would be the client. You could setup two profiles, one for TLS and the other for EAP-FAST.

  • Cisco 871w, radius server local, and leap or eap-fast will not authenticate

    Hello, i trying to setup eap-fast or leap on my 871w.  i belive i have it confiured correctly but i can not get any device to authenticate to router.  Below is the confiureation that i being used.  any help would be welcome!
    ! Last configuration change at 15:51:30 AZT Wed Jan 4 2012 by testtest
    ! NVRAM config last updated at 15:59:37 AZT Wed Jan 4 2012 by testtest
    version 12.4
    configuration mode exclusive auto
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service linenumber
    service pt-vty-logging
    service sequence-numbers
    hostname router871
    boot-start-marker
    boot-end-marker
    logging count
    logging message-counter syslog
    logging buffered 4096
    logging rate-limit 512 except critical
    logging console critical
    enable secret 5 <omitted>
    aaa new-model
    aaa group server radius rad-test3
    server 192.168.16.49 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login eap-methods group rad-test3
    aaa authorization exec default local
    aaa session-id common
    clock timezone AZT -7
    clock save interval 8
    dot11 syslog
    dot11 ssid test2
    vlan 2
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 <omitted>
    dot11 ssid test1
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 7 <omitted>
    dot11 ssid test3
    vlan 3
    authentication open eap eap-methods
    authentication network-eap eap-methods
    no ip source-route
    no ip gratuitous-arps
    ip options drop
    ip dhcp bootp ignore
    ip dhcp excluded-address 192.162.16.49 192.162.16.51
    ip dhcp excluded-address 192.168.16.33
    ip dhcp excluded-address 192.168.16.1 192.168.16.4
    ip dhcp pool vlan1pool
       import all
       network 192.168.16.0 255.255.255.224
       default-router 192.168.16.1
       domain-name test1.local.home
       lease 4
    ip dhcp pool vlan2pool
       import all
       network 192.168.16.32 255.255.255.240
       default-router 192.168.16.33
       domain-name test2.local.home
       lease 0 6
    ip dhcp pool vlan3pool
       import all
       network 192.168.16.48 255.255.255.240
       default-router 192.168.16.49
       domain-name test3.local.home
       lease 2
    ip cef
    ip inspect alert-off
    ip inspect max-incomplete low 25
    ip inspect max-incomplete high 50
    ip inspect one-minute low 25
    ip inspect one-minute high 50
    ip inspect udp idle-time 15
    ip inspect tcp idle-time 1800
    ip inspect tcp finwait-time 30
    ip inspect tcp synwait-time 60
    ip inspect tcp block-non-session
    ip inspect tcp max-incomplete host 25 block-time 2
    ip inspect name firewall tcp router-traffic
    ip inspect name firewall ntp
    ip inspect name firewall ftp
    ip inspect name firewall udp router-traffic
    ip inspect name firewall pop3
    ip inspect name firewall pop3s
    ip inspect name firewall imap
    ip inspect name firewall imap3
    ip inspect name firewall imaps
    ip inspect name firewall smtp
    ip inspect name firewall ssh
    ip inspect name firewall icmp router-traffic timeout 10
    ip inspect name firewall dns
    ip inspect name firewall h323
    ip inspect name firewall hsrp
    ip inspect name firewall telnet
    ip inspect name firewall tftp
    no ip bootp server
    no ip domain lookup
    ip domain name local.home
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    ip accounting-threshold 100
    ip accounting-list 192.168.16.0 0.0.0.31
    ip accounting-list 192.168.16.32 0.0.0.15
    ip accounting-list 192.168.16.48 0.0.0.15
    ip accounting-transits 25
    login block-for 120 attempts 5 within 60
    login delay 5
    login on-failure log
    memory free low-watermark processor 65536
    memory free low-watermark IO 16384
    username testtest password 7 <omitted>
    archive
    log config
      logging enable
      logging size 255
      notify syslog contenttype plaintext
      hidekeys
    path tftp://<omitted>/archive-config
    write-memory
    ip tcp synwait-time 10
    ip ssh time-out 20
    ip ssh authentication-retries 2
    ip ssh logging events
    ip ssh version 2
    bridge irb
    interface Loopback0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    interface Null0
    no ip unreachables
    interface FastEthernet0
    switchport mode trunk
    shutdown
    interface FastEthernet1
    switchport mode trunk
    shutdown
    interface FastEthernet2
    shutdown
    spanning-tree portfast
    interface FastEthernet3
    spanning-tree portfast
    interface FastEthernet4
    description Cox Internet Connection
    ip address dhcp
    ip access-group ingress-filter in
    ip access-group egress-filter out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip flow ingress
    ip flow egress
    ip inspect firewall out
    ip nat outside
    ip virtual-reassembly
    ip tcp adjust-mss 1460
    load-interval 30
    duplex auto
    speed auto
    no cdp enable
    interface Dot11Radio0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encryption vlan 1 mode ciphers aes-ccm
    encryption vlan 2 mode ciphers aes-ccm
    encryption key 1 size 128bit 7 <omitted> transmit-key
    encryption mode wep mandatory
    broadcast-key vlan 1 change <omitted> membership-termination
    broadcast-key vlan 3 change <omitted> membership-termination
    broadcast-key vlan 2 change <omitted> membership-termination
    ssid test2
    ssid test1
    ssid test3
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    rts threshold 2312
    no cdp enable
    interface Dot11Radio0.1
    description <omitted>
    encapsulation dot1Q 1 native
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio0.2
    description <omitted>
    encapsulation dot1Q 2
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    interface Dot11Radio0.3
    description <omitted>
    encapsulation dot1Q 3
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    bridge-group 3
    bridge-group 3 subscriber-loop-control
    bridge-group 3 spanning-disabled
    bridge-group 3 block-unknown-source
    no bridge-group 3 source-learning
    no bridge-group 3 unicast-flooding
    interface Vlan1
    description <omitted>
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Vlan2
    description <omitted>
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    bridge-group 2
    bridge-group 2 spanning-disabled
    interface Vlan3
    description <omitted>
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    bridge-group 3
    bridge-group 3 spanning-disabled
    interface BVI1
    description <omitted>
    ip address 192.168.16.1 255.255.255.224
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    interface BVI2
    description <omitted>
    ip address 192.168.16.33 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    interface BVI3
    description <omitted>
    ip address 192.168.16.49 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip http secure-ciphersuite 3des-ede-cbc-sha rc4-128-sha
    ip http timeout-policy idle 5 life 43200 requests 5
    ip flow-top-talkers
    top 10
    sort-by bytes
    ip nat inside source list 1 interface FastEthernet4 overload
    ip nat inside source static tcp 192.168.16.50 80 interface FastEthernet4 80
    ip nat inside source static tcp 192.168.16.50 53 interface FastEthernet4 53
    ip nat inside source static tcp 192.168.16.50 3074 interface FastEthernet4 3074
    ip nat inside source static udp 192.168.16.50 3074 interface FastEthernet4 3074
    ip nat inside source static udp 192.168.16.50 88 interface FastEthernet4 88
    ip nat inside source static udp 192.168.16.50 53 interface FastEthernet4 53
    ip access-list extended egress-filter
    deny   ip any host <omitted>
    deny   ip any host <omitted>
    deny   ip host <omitted> any
    deny   ip host <omitted> any
    remark ----- Bogons Filter -----
    deny   ip 0.0.0.0 0.255.255.255 any
    deny   ip 10.0.0.0 0.10.9.255 any
    deny   ip 10.0.0.0 0.10.13.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.254.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 192.0.0.0 0.0.0.255 any
    deny   ip 192.0.2.0 0.0.0.255 any
    deny   ip 192.168.0.0 0.0.15.255 any
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 198.18.0.0 0.1.255.255 any
    deny   ip 198.51.100.0 0.0.0.255 any
    deny   ip 203.0.113.0 0.0.0.255 any
    deny   ip 224.0.0.0 31.255.255.255 any
    remark ----- Internal networks -----
    permit ip <omitted> 0.0.0.3 any
    deny   ip any any log
    ip access-list extended ingress-filter
    remark ----- To get IP form COX -----
    permit udp any eq bootps any eq bootpc
    deny   icmp any any log
    deny   udp any any eq echo
    deny   udp any eq echo any
    deny   tcp any any fragments
    deny   udp any any fragments
    deny   ip any any fragments
    deny   ip any any option any-options
    deny   ip any any ttl lt 4
    deny   ip any host <omitted>
    deny   ip any host <omitted>
    deny   udp any any range 33400 34400
    remark ----- Bogons Filter -----
    deny   ip 0.0.0.0 0.255.255.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.254.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 192.0.0.0 0.0.0.255 any
    deny   ip 192.0.2.0 0.0.0.255 any
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 198.18.0.0 0.1.255.255 any
    deny   ip 198.51.100.0 0.0.0.255 any
    deny   ip 203.0.113.0 0.0.0.255 any
    deny   ip 224.0.0.0 31.255.255.255 any
    remark ----- Internal networks -----
    deny   ip 10.10.10.0 0.0.0.255 any
    deny   ip 10.10.11.0 0.0.0.255 any
    deny   ip 10.10.12.0 0.0.0.255 any
    deny   ip any any log
    access-list 1 permit 192.168.16.0 0.0.0.63
    access-list 20 permit 127.127.1.1
    access-list 20 permit 204.235.61.9
    access-list 20 permit 173.201.38.85
    access-list 20 permit 216.229.4.69
    access-list 20 permit 152.2.21.1
    access-list 20 permit 130.126.24.24
    access-list 21 permit 192.168.16.0 0.0.0.63
    radius-server local
    no authentication mac
    eapfast authority id <omitted>
    eapfast authority info <omitted>
    eapfast server-key primary 7 <omitted>
    nas 192.168.16.49 key 7 <omitted>
    group rad-test3
      vlan 3
      ssid test3
    user test nthash 7 <omitted> group rad-test3
    user testtest nthash 7 <omitted> group rad-test3
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.16.49 auth-port 1812 acct-port 1813 key 7 <omitted>
    radius-server vsa send accounting
    control-plane host
    control-plane transit
    control-plane cef-exception
    control-plane
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 2 protocol ieee
    bridge 2 route ip
    bridge 3 protocol ieee
    bridge 3 route ip
    line con 0
    password 7 <omitted>
    logging synchronous
    no modem enable
    transport output telnet
    line aux 0
    password 7 <omitted>
    logging synchronous
    transport output telnet
    line vty 0 4
    password 7 <omitted>
    logging synchronous
    transport preferred ssh
    transport input ssh
    transport output ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    process cpu threshold type total rising 80 interval 10 falling 40 interval 10
    ntp authentication-key 1 md5 <omitted> 7
    ntp authenticate
    ntp trusted-key 1
    ntp source FastEthernet4
    ntp access-group peer 20
    ntp access-group serve-only 21
    ntp master 1
    ntp server 152.2.21.1 maxpoll 4
    ntp server 204.235.61.9 maxpoll 4
    ntp server 130.126.24.24 maxpoll 4
    ntp server 216.229.4.69 maxpoll 4
    ntp server 173.201.38.85 maxpoll 4
    end

    so this what i am getting now for debug? any thoughs?
    010724: Jan  5 16:26:04.527 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/2
    010725: Jan  5 16:26:08.976 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/2
    010726: Jan  5 16:26:08.976 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
    010727: Jan  5 16:26:08.976 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
    010728: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
    010729: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    010730: Jan  5 16:26:08.976 AZT: Client d8b3.7759.0488 failed: EAP reason 1
    010731: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
    010732: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
    010733: Jan  5 16:26:08.976 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
    010734: Jan  5 16:26:08.976 AZT: EAPOL pak dump tx
    010735: Jan  5 16:26:08.976 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0004
    010736: Jan  5 16:26:08.976 AZT: EAP code: 0x4  id: 0x1  length: 0x0004
    0AD05650:                   01000004 04010004          ........
    0AD05660:
    010737: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010738: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010739: Jan  5 16:26:08.980 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
    010740: Jan  5 16:26:08.980 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
    010741: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg:  sending data to requestor status 0
    010742: Jan  5 16:26:08.980 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
    010743: Jan  5 16:26:08.980 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
    010744: Jan  5 16:26:08.984 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
    010745: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
    010746: Jan  5 16:26:09.624 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
    010747: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: req->auth_type 0
    010748: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    010749: Jan  5 16:26:09.624 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
    010750: Jan  5 16:26:09.624 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
    010751: Jan  5 16:26:09.624 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    010752: Jan  5 16:26:09.624 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
    010753: Jan  5 16:26:09.624 AZT: EAPOL pak dump tx
    010754: Jan  5 16:26:09.624 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031
    010755: Jan  5 16:26:09.624 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1
    0AD05B50:                   01000031 01010031          ...1...1
    0AD05B60: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys
    0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route
    0AD05B80: 72383731 2C706F72 7469643D 30        r871,portid=0
    010756: Jan  5 16:26:09.644 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010757: Jan  5 16:26:09.648 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010758: Jan  5 16:26:09.648 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
    010759: Jan  5 16:26:09.656 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
    010760: Jan  5 16:26:09.656 AZT: EAPOL pak dump rx
    010761: Jan  5 16:26:09.656 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0009
    010762: Jan  5 16:26:09.656 AZT: EAP code: 0x2  id: 0x1  length: 0x0009 type: 0x1
    0B060D50:                   01000009 02010009          ........
    0B060D60: 01746573 74                          .test
    010763: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
    010764: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
    010765: Jan  5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
    010766: Jan  5 16:26:09.664 AZT: RADIUS/ENCODE(00000198):Orig. component type = DOT11
    010767: Jan  5 16:26:09.664 AZT: RADIUS:  AAA Unsupported Attr: ssid              [282] 8
    010768: Jan  5 16:26:09.664 AZT: RADIUS:   74 6F 79 73 6F 6E                                [toyson]
    010769: Jan  5 16:26:09.664 AZT: RADIUS:  AAA Unsupported Attr: interface         [175] 3
    010770: Jan  5 16:26:09.664 AZT: RADIUS:   36                                               [6]
    010771: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
    010772: Jan  5 16:26:09.664 AZT: RADIUS/ENCODE(00000198): acct_session_id: 408
    010773: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
    010774: Jan  5 16:26:09.664 AZT: RADIUS(00000198): sending
    010775: Jan  5 16:26:09.664 AZT: RADIUS(00000198): Send Access-Request to 162.168.16.49:1645 id 1645/3, len 133
    010776: Jan  5 16:26:09.664 AZT: RADIUS:  authenticator BF 69 DD DF 89 1F C6 FB - EF EC 12 EB C5 3F 3A CD
    010777: Jan  5 16:26:09.664 AZT: RADIUS:  User-Name           [1]   6   "test"
    010778: Jan  5 16:26:09.664 AZT: RADIUS:  Framed-MTU          [12]  6   1400
    010779: Jan  5 16:26:09.664 AZT: RADIUS:  Called-Station-Id   [30]  16  "0019.3075.e660"
    010780: Jan  5 16:26:09.664 AZT: RADIUS:  Calling-Station-Id  [31]  16  "d8b3.7759.0488"
    010781: Jan  5 16:26:09.668 AZT: RADIUS:  Service-Type        [6]   6   Login                     [1]
    010782: Jan  5 16:26:09.668 AZT: RADIUS:  Message-Authenticato[80]  18
    010783: Jan  5 16:26:09.668 AZT: RADIUS:   5B FA 47 07 0E E3 4B 71 7F 60 6E 4E 91 37 84 A6  [[?G???Kq?`nN?7??]
    010784: Jan  5 16:26:09.668 AZT: RADIUS:  EAP-Message         [79]  11
    010785: Jan  5 16:26:09.668 AZT: RADIUS:   02 01 00 09 01 74 65 73 74                       [?????test]
    010786: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
    010787: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port            [5]   6   661
    010788: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-Port-Id         [87]  5   "661"
    010789: Jan  5 16:26:09.668 AZT: RADIUS:  NAS-IP-Address      [4]   6   192.168.16.49
    010790: Jan  5 16:26:09.668 AZT: RADIUS:  Nas-Identifier      [32]  11  "router871"
    010791: Jan  5 16:26:14.501 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
    router871#
    010792: Jan  5 16:26:19.018 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
    router871#
    010793: Jan  5 16:26:23.739 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
    router871#
    010794: Jan  5 16:26:28.700 AZT: RADIUS: Fail-over to (162.168.16.49:1812,1813) for id 1645/3
    router871#
    010795: Jan  5 16:26:33.629 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
    router871#
    010796: Jan  5 16:26:38.494 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
    router871#
    010797: Jan  5 16:26:39.794 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
    010798: Jan  5 16:26:39.794 AZT: EAPOL pak dump rx
    010799: Jan  5 16:26:39.794 AZT: EAPOL Version: 0x1  type: 0x1  length: 0x0000
    0AD053D0:                   01010000                   ....
    010800: Jan  5 16:26:39.798 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for d8b3.7759.0488
    010801: Jan  5 16:26:39.798 AZT: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
    router871#
    010802: Jan  5 16:26:43.007 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
    router871#
    010803: Jan  5 16:26:47.336 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/3
    010804: Jan  5 16:26:47.336 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
    010805: Jan  5 16:26:47.336 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
    010806: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
    010807: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    010808: Jan  5 16:26:47.336 AZT: Client d8b3.7759.0488 failed: EAP reason 1
    010809: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
    010810: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
    010811: Jan  5 16:26:47.336 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
    010812: Jan  5 16:26:47.336 AZT: EAPOL pak dump tx
    010813: Jan  5 16:26:47.336 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0004
    010814: Jan  5 16:26:47.336 AZT: EAP code: 0x4  id: 0x1  length: 0x0004
    0B060710:                   01000004 04010004          ........
    0B060720:
    010815: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010816: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010817: Jan  5 16:26:47.340 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
    010818: Jan  5 16:26:47.340 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
    010819: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg:  sending data to requestor status 0
    010820: Jan  5 16:26:47.340 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
    router871#
    010821: Jan  5 16:26:47.340 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
    010822: Jan  5 16:26:47.344 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
    010823: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
    010824: Jan  5 16:26:47.972 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
    010825: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: req->auth_type 0
    010826: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    010827: Jan  5 16:26:47.972 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
    010828: Jan  5 16:26:47.976 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
    010829: Jan  5 16:26:47.976 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    010830: Jan  5 16:26:47.976 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
    010831: Jan  5 16:26:47.976 AZT: EAPOL pak dump tx
    010832: Jan  5 16:26:47.976 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031
    010833: Jan  5 16:26:47.976 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1
    0AD05B50:                   01000031 01010031          ...1...1
    0AD05B60: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys
    0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route
    0AD05B80: 72383731 2C706F72 7469643D 30        r871,portid=0
    010834: Jan  5 16:26:47.996 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010835: Jan  5 16:26:47.996 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010836: Jan  5 16:26:47.996 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
    010837: Jan  5 16:26:47.996 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
    010838: Jan  5 16:26:47.996 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
    router871#
    010839: Jan  5 16:26:47.996 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
    router871#
    010840: Jan  5 16:26:58.634 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
    010841: Jan  5 16:26:58.634 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
    010842: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: req->auth_type 0
    010843: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    010844: Jan  5 16:26:58.638 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
    010845: Jan  5 16:26:58.638 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
    010846: Jan  5 16:26:58.638 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    010847: Jan  5 16:26:58.638 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
    010848: Jan  5 16:26:58.638 AZT: EAPOL pak dump tx
    010849: Jan  5 16:26:58.638 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031
    010850: Jan  5 16:26:58.638 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1
    0B060710:                   01000031 01010031          ...1...1
    0B060720: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys
    0B060730: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route
    0B060740: 72383731 2C706F72 7469643D 30        r871,portid=0
    010851: Jan  5 16:26:58.658 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010852: Jan  5 16:26:58.658 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010853: Jan  5 16:26:58.658 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
    010854: Jan  5 16:27:01.603 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
    010855: Jan  5 16:27:01.603 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
    010856: Jan  5 16:27:01.603 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
    010857: Jan  5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list ingress-filter denied tcp 32.42.41.254(57443) -> 72.201.117.84(59652), 1 packet
    010858: Jan  5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list egress-filter denied tcp 22.3.184.118(0) -> 74.125.53.188(0), 4 packets
    010859: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
    010860: Jan  5 16:27:12.261 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
    010861: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: req->auth_type 0
    010862: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    010863: Jan  5 16:27:12.261 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
    010864: Jan  5 16:27:12.261 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
    010865: Jan  5 16:27:12.261 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    010866: Jan  5 16:27:12.261 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
    010867: Jan  5 16:27:12.261 AZT: EAPOL pak dump tx
    010868: Jan  5 16:27:12.261 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0031
    010869: Jan  5 16:27:12.261 AZT: EAP code: 0x1  id: 0x1  length: 0x0031 type: 0x1
    0B060FD0:                   01000031 01010031          ...1...1
    0B060FE0: 01006E65 74776F72 6B69643D 746F7973  ..networkid=toys
    0B060FF0: 6F6E7067 2C6E6173 69643D72 6F757465  onpg,nasid=route
    0B061000: 72383731 2C706F72 7469643D 30        r871,portid=0
    010870: Jan  5 16:27:12.285 AZT: dot11_auth_send_msg:  sending data to requestor status 1
    010871: Jan  5 16:27:12.285 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
    010872: Jan  5 16:27:12.285 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
    010873: Jan  5 16:27:12.293 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
    010874: Jan  5 16:27:12.293 AZT: EAPOL pak dump rx
    010875: Jan  5 16:27:12.293 AZT: EAPOL Version: 0x1  type: 0x0  length: 0x0009
    010876: Jan  5 16:27:12.293 AZT: EAP code: 0x2  id: 0x1  length: 0x0009 type: 0x1
    0AD05290:                   01000009 02010009          ........
    0AD052A0: 01746573 74                          .test
    010877: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
    010878: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
    010879: Jan  5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
    010880: Jan  5 16:27:12.301 AZT: RADIUS/ENCODE(0000019B):Orig. component type = DOT11
    010881: Jan  5 16:27:12.305 AZT: RADIUS:  AAA Unsupported Attr: ssid              [282] 8
    010882: Jan  5 16:27:12.305 AZT: RADIUS:   74 6F 79 73 6F 6E                                [toyson]
    010883: Jan  5 16:27:12.305 AZT: RADIUS:  AAA Unsupported Attr: interface         [175] 3
    010884: Jan  5 16:27:12.305 AZT: RADIUS:   36                                               [6]
    010885: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
    010886: Jan  5 16:27:12.305 AZT: RADIUS/ENCODE(0000019B): acct_session_id: 411
    010887: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
    010888: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): sending
    010889: Jan  5 16:27:12.305 AZT: RADIUS(0000019B): Send Access-Request to 162.168.16.49:1645 id 1645/4, len 133
    010890: Jan  5 16:27:12.305 AZT: RADIUS:  authenticator 6F 6C 63 31 88 DE 30 A2 - C2 06 12 EB 50 A3 53 36
    010891: Jan  5 16:27:12.305 AZT: RADIUS:  User-Name           [1]   6   "test"
    010892: Jan  5 16:27:12.305 AZT: RADIUS:  Framed-MTU          [12]  6   1400
    010893: Jan  5 16:27:12.305 AZT: RADIUS:  Called-Station-Id   [30]  16  "0019.3075.e660"
    010894: Jan  5 16:27:12.305 AZT: RADIUS:  Calling-Station-Id  [31]  16  "d8b3.7759.0488"
    010895: Jan  5 16:27:12.305 AZT: RADIUS:  Service-Type        [6]   6   Login                     [1]
    010896: Jan  5 16:27:12.305 AZT: RADIUS:  Message-Authenticato[80]  18
    010897: Jan  5 16:27:12.305 AZT: RADIUS:   9D D5 62 1A 38 13 94 30 3A 43 D7 A4 AE A4 43 64  [??b?8??0:C????Cd]
    010898: Jan  5 16:27:12.305 AZT: RADIUS:  EAP-Message         [79]  11
    010899: Jan  5 16:27:12.305 AZT: RADIUS:   02 01 00 09 01 74 65 73 74                       [?????test]
    010900: Jan  5 16:27:12.305 AZT: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
    010901: Jan  5 16:27:12.305 AZT: RADIUS:  NAS-Port            [5]   6   664
    010902: Jan  5 16:27:12.309 AZT: RADIUS:  NAS-Port-Id         [87]  5   "664"
    010903: Jan  5 16:27:12.309 AZT: RADIUS:  NAS-IP-Address      [4]   6   192.168.16.49
    010904: Jan  5 16:27:12.309 AZT: RADIUS:  Nas-Identifier      [32]  11  "router871"
    010905: Jan  5 16:27:16.642 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/4

Maybe you are looking for

  • Email set up error

    Getting message "Username or password incorrect for IMAP.mail.yahoo.com is incorrect' when setting up bellsouth.net mail account on iPhone 5

  • HT1212 How can I get my ipod to work if I forgot the password?

    How can I get into a ipod touch that I bought from someone who forgot the password?

  • Lenovo connect to av receiver

    hi guys i need your help please and sorry for my english.I have RX AV361 YAMAHA RECEIVER and i want to connect it with my laptop lenovo g50-30 so receiver's speakers will play the music.I want you to tell me what cable will i need and how i have to c

  • How to add radical/exotic tuning?

    When learning about psychoacoustics recently, I got interested in non-standard scales, including radical scales where there may be many more (or many less) intervals to an octave. I was hoping to use Logic Pro to look at some of those, but it seems t

  • Cannot search within a website

    When evre I log on to www.pch.com and try to search the spinning wheel keeps turning and no search results are found