Query On BGP MD5 Authentication

What is the use of BGP MD5 Authentication?
Is it used for data integrity of packet or to prove router's identity?
Regards.


Similar Messages

  • BGP MD5 Authentication

    Hi,
    I had a problem (I think I fixed it); I just don't understand the reason why it happened. I have built a BGP config to use MD5 authentication (basic at first, then after BGP was up and running I added the authentication commands). BGP was up and running until today, when we had to cut over our power for the racks one of the devices lives in. Upon rebooting I received the message "%TCP-6-BADAUTH: Invalid MD5 digest". I removed the authentication on both devices, BGP came back up, and then I re-added the authentication. Just for testing I cleared the peers, received the same message and then used the same procedure to fix it. So what I am trying to understand is why it did/will do that, and if there is something I can do to prevent it or if I did something incorrectly to make this happen?
    I do apologize, if I am not using all the correct terms, if something is not clear, please let me know and I will try to explain it better.
    Thank you.
    - Stefan

    Hello Stefan,
    Did the BGP session not come up at all without your help, or did you just not wait to see what would happen before trying to solve the problem?
    I think that you could have received the BADAUTH message because the rebooted peer tried to establish a new session while the BGP session on the other peer had not timed out yet. The rebooted peer uses other ports to establish the BGP session (other than the previous session), so the MD5 hash did not match.
    This is just a theoretical possibility, but it should not cause the BGP session to never come up; maybe convergence will just take longer.
    Best Regards
    Please rate all helpful posts and close solved questions

  • Can J2ME use Digest-MD5 Authentication?

    We are writing a Java application with J2ME for cellphones which will use Microsoft MapPoint.net services that requires Digest-MD5 Authentication. Can J2ME use Digest-MD5 Authentication?

    Well, you can either implement it yourself or take a look at :
    http://java.sun.com/products/jce/
    You will probably not want the whole package, but I think you can have access to the sources, so... :-)
    Anthony

  • Query on Integrated Windows Authentication....

    Hi All,
    I have a scenario to implement Integrated Windows Authentication using SPNego. But the initial page has to be loaded as anonymous portal onclick of the Logon button/Link, it has to validate the user against Integrated windows authentication and display the contents based on the user role.
    I have successfully implemented Integrated Windows Authentication, but if I type the anonymous URL, it is not loading the anonymous contents, it is directly displaying based on user role?
    Any suggestions on this??
    Thanks & Regards,
    Santhosh.C

    Hi Santhosh,
    We are planning to implement Windows integrated authentication using SPNego in EP7 with Microsoft Active Directory.
    Can you please share your experience and documents, in implementing the same. I have implemented Windows integrated authentication in EP6 with IIS proxy, but that is no longer supported.
    I appreciate your help in this regard.
    Regards
    Chandu

  • Query on BGP route distribution

    Hello Everyone
    In the below scenario (GNS3), IBGP peering enabled between R1-R2, R1-R3, R2-R3 and EBGP peering enabled between R2-R4,R3-R5,R4-R6,R5-R7. OSPF enabled as IGP. Scenario attached for reference.
    The problem I've observed in R1 is not getting entire BGP routing table for destinations 30.x.x.x/40.x.x.x.
    I'm able to see only best routes in R1 BGP routing table, but alternate valid routes are not visible in its topology table.
    R1#sh ip bgp
    BGP table version is 81, local router ID is 100.100.2.1
    *>i30.30.1.0/24     10.10.1.2                0    100      0 200 300 ?
    *>i30.30.2.0/24     10.10.1.2                0    100      0 200 300 ?
    *>i40.40.1.0/24     10.10.2.2                0    100      0 200 400 i
    *>i40.40.2.0/24     10.10.2.2                0    100      0 200 400 i
    *> 100.100.1.0/24   0.0.0.0                  0         32768 i
    *> 100.100.2.0/24   0.0.0.0                  0         32768 i
    More confusing part to me is when I disable IBGP peering between R2-R3 or shutdown interface between R2-R3 or else if I disable ospf in R1,R2 & R3 routers , I'm able to see both best route and alternate valid route in BGP topology table.
    R1#sh ip bgp

    Hi Milin & Renan,
    Thanks for your replies. To narrow down the problem, I’ve shut down the 40.40.x.x network.
    Now between R2-R3, R3 is not advertising 30.30.X.X network to R2, but whereas R2 is advertising 30.30.X.X network to R3. Why R3 is not advertising 30.30.X.X (route via 200 400 300) to R2.
    R2#sh ip bgp ( No alternate route)
     Network          Next Hop            Metric LocPrf Weight Path
    *> 30.30.1.0/24     10.10.4.2                              0 200 300 ?
    *> 30.30.2.0/24     10.10.4.2                              0 200 300 ?
    *>i100.100.1.0/24   10.10.1.1                0    100      0 i
    *>i100.100.2.0/24   10.10.1.1                0    100      0 i
    R2#sh ip bgp summary
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.10.1.1       4   100      96      98        5    0    0 01:05:50        2
    10.10.3.2       4   100      98     100        5    0    0 01:05:54        0
    10.10.4.2       4   200     100      98        5    0    0 01:05:39        2
    R3#sh ip bgp  ( only in R3 we can see both best route & alternate route)
       Network          Next Hop            Metric LocPrf Weight Path
    *>i30.30.1.0/24     10.10.3.1                0    100      0 200 300 ?
    *                   10.10.5.2                              0 200 400 300 ?
    *>i30.30.2.0/24     10.10.3.1                0    100      0 200 300 ?
    *                   10.10.5.2                              0 200 400 300 ?
    *>i100.100.1.0/24   10.10.2.1                0    100      0 i
    *>i100.100.2.0/24   10.10.2.1                0    100      0 i
    R3#sh ip bgp summary
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.10.2.1       4   100      54      57       19    0    0 00:50:17        2
    10.10.3.1       4   100      62      60       19    0    0 00:27:22        2
    10.10.5.2       4   200      58      58       19    0    0 00:50:08        2

  • Query related to LDAP Authentication

    Hi ,
    We are using LDAP Authentication . I found some users are not able to see particular dashboards.
    Users are telling us they have the position and the setup is all OK. But they are still facing problems getting into dashboards and answers.
    Please provide some solution.
    Thanks
    Kishor sethy
    PTP,Bangalore


  • BGP - NAT and MD5

    Hi
    In my scenario I have BGP configured between two routers. I have multihop configured in this BGP because it is going through a firewall and passing through a VPN tunnel; at the other end it comes off the VPN tunnel and forms the neighbors. It's all working.
    But, for some reason I need to change the update-source IP address at site A, so in my configuration the local IP is NATed on the firewall before entering the VPN tunnel. (I don't have permission to do any IP changes in the Site B BGP configuration.)
    My issue is that because I configured the MD5 password for BGP authentication the BGP status is Active, but when I remove the password at both ends the BGP is forming neighbors.
    Why is MD5 not working via the NATed configuration? Is it using the local IP address (not the NATed address) of the BGP configuration for MD5 authentication, which is not recognised at the other end?
    Thanks in advance
    Logesh.

    Hi,
    which FW are you using?
    Read the discussions below for ASA and Checkpoint FWs:
    http://ieoc.com/forums/p/3889/12428.aspx
    http://www.costiser.ro/2013/03/31/bgp-md5-authentication/
    https://www.fir3net.com/Firewalls/Check-Point/bgp.html
    Best regards,
    Milan
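
    The question in this thread comes down to which fields the TCP MD5 signature option (RFC 2385) covers. The following is an added example, not code from any poster or vendor: it computes the digest the way RFC 2385 specifies and checks whether a receiver would still accept a segment after a device in the path rewrites a field. The addresses, ports, sequence number and key are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass, replace

# TCP option 19 (MD5 signature) is 18 bytes; padded to a 32-bit boundary it is 20.
MD5_OPTION_LEN = 20
TCP_FIXED_HEADER_LEN = 20
SYN = 0x02


@dataclass(frozen=True)
class Segment:
    """The fields of one TCP segment that RFC 2385 feeds into the digest."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int
    ack: int = 0
    flags: int = SYN
    window: int = 16384
    payload: bytes = b""


def rfc2385_digest(seg: Segment, key: bytes) -> bytes:
    """MD5 over pseudo-header, fixed TCP header (checksum 0), data, then key."""
    header_len = TCP_FIXED_HEADER_LEN + MD5_OPTION_LEN
    # 1. Pseudo-header: source IP, destination IP, zero, protocol, TCP length.
    pseudo = (
        socket.inet_aton(seg.src_ip)
        + socket.inet_aton(seg.dst_ip)
        + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(seg.payload))
    )
    # 2. Fixed 20-byte TCP header: options excluded, checksum treated as zero.
    offset_and_flags = ((header_len // 4) << 12) | seg.flags
    header = struct.pack(
        "!HHIIHHHH",
        seg.src_port, seg.dst_port, seg.seq, seg.ack,
        offset_and_flags, seg.window, 0, 0,
    )
    # 3. Segment data, 4. the shared key, appended last.
    return hashlib.md5(pseudo + header + seg.payload + key).digest()


def receiver_accepts(arrived: Segment, digest: bytes, key: bytes) -> bool:
    """The receiver recomputes the digest over the segment as it arrived."""
    return hmac.compare_digest(rfc2385_digest(arrived, key), digest)


def survives(sent: Segment, tx_key: bytes, rx_key: bytes, **rewritten) -> bool:
    """Sign `sent`, apply in-path rewrites of header fields, then verify."""
    digest = rfc2385_digest(sent, tx_key)
    return receiver_accepts(replace(sent, **rewritten), digest, rx_key)


# Constructed sample: site A opens the BGP session to site B on port 179.
SITE_A_SYN = Segment("10.1.1.1", "198.51.100.2", 50000, 179, seq=1000)
KEY = b"constructed-shared-secret"

if __name__ == "__main__":
    cases = {
        "no rewrite, same key": survives(SITE_A_SYN, KEY, KEY),
        "source NAT to 192.0.2.10": survives(SITE_A_SYN, KEY, KEY, src_ip="192.0.2.10"),
        "source port translated": survives(SITE_A_SYN, KEY, KEY, src_port=61000),
        "sequence number rewritten": survives(SITE_A_SYN, KEY, KEY, seq=99000),
        "different password": survives(SITE_A_SYN, KEY, b"other-secret"),
    }
    for name, accepted in cases.items():
        print(f"{name:28s} -> {'accepted' if accepted else 'BADAUTH'}")
```

    Because the sender signs the addresses it puts in the packet and the receiver verifies the addresses it sees, any translation between the two BGP speakers makes the digests differ even when both passwords are identical.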

  • Authentication with EAP-MD5/PEAP/FAST

    Version: ISE 1.2p12
    Hello,
    I have trouble authenticating devices that use different protocols:
    - Cisco IP Phones: EAP-MD5
    - Windows machines: EAP-PEAP
    - Cisco APs: EAP-FAST
    1) I'm able to authenticate the IP Phones individually with a authentication rule:
    IP PHONES If Wired_802.1X allowed protocols EAP-MD5
    For EAP-MD5 I selected only EAP-MD5
    Now if I use a generic rule
    DEVICES If Wired_802.1X allowed protocols EAP-PEAP-FAST-MD5
    with EAP-PEAP-FAST-MD5 having EAP-PEAP, EAP-FAST, EAP-MD5 selected, it doesn't work
    ISE says that there's a protocol mismatch:
    "Failure Reason: 12121 Client didn't provide suitable ciphers for anonymous PAC-provisioning"
    ISE is trying to authenticate my phone with EAP-FAST while the Cisco phone is using EAP-MD5
    I read in another topic that some of you would consider MAB/Profiling for the APs and probably for the Cisco IP Phones. But I'm wondering if it's possible to have one authentication rule with allowed protocols EAP-PEAP-FAST-MD5
    2) Also, if I place the EAP-MD5 authentication rule higher and then have a rule for EAP-PEAP-FAST below it doesn't work because only the first rule is matched. I have configured the first rule with "If authentication fails = Continue"
    Do any of you have hints?

    I know the problem now. The WLC tries to connect with "anonymous bind" to the LDAP server. It works well with Win2000. With Win2003 it works only if you open the security. See link: http://support.microsoft.com/kb/320528/en
    You don't have the possibility to configure any username/pwd for a secure LDAP query. It's something that is an absolute need for many customers.
    For the moment I will suggest the "workaround" with AP->WLC->Radius->LDAP
    Kind regards
    Alex

  • Execution of query without authentication

    Hello everyone,
    I need to know how to provide to my client the following scenario.
    They want to enter the web, execute a query but without the authentication, and then make filters over it.
    The obvious answer is to use Broadcast but they don't want to use this tool.
    Can anyone help me?
    Thank you,
    Joana

    Hi everyone,
    Mohan,
    The Portal is not installed and the client doesn't want to use SAP.
    The client has a lot of companies that don't have SAP installed and he would like to make available, for the employees, a few BW queries. But he doesn't want to install Broadcast and doesn't want to have the trouble of executing the queries and sending them by e-mail, either.
    Joerg,
    What do you mean by "simulate the Broadcaster and install the Broadcaster Programs"?
    Do you have any documentation that may help me?
    All help would be much appreciated.
    Thank you,
    Joana

  • IPv6 OSPFv3 authentication (MD5) not working

    I'm configuring two 2800 routers (ADVENTERPRISEK9, 12.4(24)T2) for OSPFv3. The interfaces are Frame-relay multipoint interfaces on both routers. OSPFv3 is fine without authentication. But when I added same MD5 authentication to the two interfaces, OSPFv3 adjacency never came back up. I'm using the exact same command as IOS IPv6 configuration guide.
    Here are the configs on the two routers. What could be incorrect? In "show ipv6 ospf interface", secure socket is shown "up".
    R1#
    interface Serial0/0/0.402 multipoint
    ipv6 address FE80:1:1::1 link-local
    ipv6 address 2001:1:1::1/64
    ipv6 ospf network broadcast
    ipv6 ospf 1 area 0
    ipv6 ospf authentication ipsec spi 500 md5 1234567890abcdef1234567890abcdef
    frame-relay map ipv6 FE80:1:1::2 402 broadcast
    ipv6 router ospf 1
    router-id 1.1.1.1
    R2#
    interface Serial0/0/0.204 multipoint
    ipv6 address FE80:1:1::2 link-local
    ipv6 address 2001:1:1::2/64
    ipv6 ospf network broadcast
    ipv6 ospf 1 area 0
    ipv6 ospf authentication ipsec spi 500 md5 1234567890abcdef1234567890abcdef
    frame-relay map ipv6 FE80:1:1::1 204 broadcast
    ipv6 router ospf 1
    router-id 1.1.1.2
    R1#sh ipv6 ospf int s0/0/0.402
    Serial0/0/0.402 is up, line protocol is up
      Link Local Address FE80:1:1::1, Interface ID 14
      Area 0, Process ID 1, Instance ID 0, Router ID 1.1.1.1
      Network Type BROADCAST, Cost: 64
      MD5 authentication SPI 1000, secure socket UP (errors: 0) Rack61R4#sh ipv6 os int s0/0/0.402

    I have had the same problem. The reason is a bug in Cisco IOS CSCtc72699.
    Workaround:
    The setting of "no crypto engine onboard 0" is added, and the
    command of "clear crypto sa" is executed.
    Before:
    r1(config-if)#do sh crypto ipsec sa           
    interface: Serial0/0/1
        Crypto map tag: (none), local addr FE80::219:E8FF:FEE0:3640
       IPsecv6 policy name: OSPFv3-2001-256
       IPsecv6-created ACL name: Serial0/0/1-ipsecv6-ACL
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (FE80::/10/89/0)
       remote ident (addr/mask/prot/port): (::/0/89/0)
       current_peer :: port 500
         PERMIT, flags={origin_is_acl,}
       #pkts encaps: 416, #pkts encrypt: 416, #pkts digest: 416
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: FE80::219:E8FF:FEE0:3640,
         remote crypto endpt.: ::
         path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/1
         current outbound spi: 0x100(256)
         inbound esp sas:
         inbound ah sas:
          spi: 0x100(256)
            transform: ah-md5-hmac ,
            in use settings ={Transport, }
            conn id: 2005, flow_id: NETGX:5, crypto map: (none)
            no sa timing
            replay detection support: N
            Status: ACTIVE
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
          spi: 0x100(256)
            transform: ah-md5-hmac ,
            in use settings ={Transport, }
            conn id: 2006, flow_id: NETGX:6, crypto map: (none)
            no sa timing
            replay detection support: N
            Status: ACTIVE
         outbound pcp sas:
    After:
    r1#sh crypto ipsec sa
    interface: Serial0/0/1
        Crypto map tag: (none), local addr FE80::219:E8FF:FEE0:3640
       IPsecv6 policy name: OSPFv3-2001-256
       IPsecv6-created ACL name: Serial0/0/1-ipsecv6-ACL
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (FE80::/10/89/0)
       remote ident (addr/mask/prot/port): (::/0/89/0)
       current_peer :: port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 56, #pkts encrypt: 56, #pkts digest: 56
        #pkts decaps: 55, #pkts decrypt: 55, #pkts verify: 55
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: FE80::219:E8FF:FEE0:3640,
         remote crypto endpt.: ::
         path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/1
         current outbound spi: 0x100(256)
         inbound esp sas:
         inbound ah sas:
          spi: 0x100(256)
            transform: ah-md5-hmac ,
            in use settings ={Transport, }
            conn id: 1, flow_id: SW:1, crypto map: (none)
            no sa timing
            replay detection support: N
            Status: ACTIVE
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
          spi: 0x100(256)
            transform: ah-md5-hmac ,
            in use settings ={Transport, }
            conn id: 2, flow_id: SW:2, crypto map: (none)
            no sa timing
            replay detection support: N
            Status: ACTIVE
         outbound pcp sas:

  • AD authentication using DIGEST-MD5: users have to reset password?

    We are using DIGEST-MD5 to authenticate users against Active Directory. Our application ask users for user name and password and pass them to the attached java code. The strange thing is that it works for about 98% of users and it won't work for 2% of users. For those 2% of users, they can login into our domain but the same password won't work for our application.
    We have found the workaround will be to ask those users to change their Windows password and after that they will be able to login.
    My question is why changing a user's password makes a difference for those 2% of users? I am really puzzled.
    Thanks!
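    // Imports required at the top of the enclosing class file:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.ldap.InitialLdapContext;

    // Inside the authentication method:
    try {
        Hashtable<String, Object> authEnv = new Hashtable<>();
        // Set security credentials; note the use of DIGEST-MD5
        // Requires user account to be stored with reversible encryption
        authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        authEnv.put(Context.PROVIDER_URL, ldapURL);
        authEnv.put(Context.REFERRAL, "follow"); // required
        authEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        authEnv.put(Context.SECURITY_PRINCIPAL, creds.getUsername());
        authEnv.put(Context.SECURITY_CREDENTIALS, creds.getPassword());
        // A successful bind means the directory accepted the credentials
        DirContext ctx1 = new InitialLdapContext(authEnv, null);
        ctx1.close(); // release the LDAP connection once the bind has succeeded
    } catch (Exception ex) {
        logger.info("Error authenticating user " + creds.getUsername(), ex);
        throw new AuthenticationException("Authentication Failed for user " + creds.getUsername());
    }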

    Check which version of AD you are using: AD 2000 or AD 2003. For AD 2000, reversible encryption is required and it's not secure. That's why lots of administrators do not like it. But for AD 2003, there is no need for the password to be stored in a reversible way. But there is a limitation as to the client application. What works for AD 2000 may not work for AD 2003. For details, you can check the link below:
    http://www.forumeasy.com/forums/thread.jsp?tid=115170863235&fid=ldapprof5&highlight=Why+DIGEST-MD5+Authentication+Does+Work
    which summarized all working and not-working cases of Digest-Md5 authentication for SunOne, AD 2000 and AD 2003. It's quite informative.

  • AAA and MD5 Configuration on SIP Calls

    Please can anyone help with AAA and MD5 configuration on a Cisco 3640 running SIP? My carrier told me that the only way that my calls can be authenticated is through AAA or MD5, e.g. -
    Host:
    Authentication ID:
    Secret:
    Please I need your help thank you in advance.
    Knmezi

    MD5 authentication works similarly to plain text authentication, except that the key is never sent over the wire. Instead, the router uses the MD5 algorithm to produce a "message digest" of the key (also called a "hash"). The message digest is then sent instead of the key itself. This ensures that nobody can eavesdrop on the line and learn keys during transmission.
    These protocols use MD5 authentication:
    OSPF
    RIP version 2
    BGP
    IP Enhanced IGRP
    For AAA configuration refer to following url;
    http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_configuration_example09186a008017ee15.shtml

  • %TCP-6-BADAUTH: No MD5 digest

    Dear friends,
    I have this log on my core switch:
    976691: Jan  6 14:13:57.666 IND: %TCP-6-BADAUTH: No MD5 digest from 10.201.252.113(179) to 10.201.252.2(42451) (RST)
    this core switch (10.201.252.2) has an ospf adjacency with WAN router (10.201.252.113).
    The OSPF state is FULL but these logs always appear on the core switch.
    I don't know what happened in this core switch because everything is fine. There is no problem instead.
    But, these logs are really really annoying me.
    Does anyone know this issue?
    Thank you.

    Hi Edwin,
    It seems that you are also trying to run the BGP between your router and the 10.201.252.113. Your router is configured for BGP neighbor authentication using a shared password while the 10.201.252.113 is probably missing the corresponding configuration. The authentication in BGP is performed at the TCP level, thus the messages from the TCP subsystem.
    To solve this problem, you need to correct the BGP configuration on both routers - either both of them have to use the BGP authentication, or none of them.
    Best regards,
    Peter
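
    Two different %TCP-6-BADAUTH messages appear in these threads: "No MD5 digest" here and "Invalid MD5 digest" in the first thread. The following is an added example (not from any poster) that groups such log lines by peer and separates the two cases. The first sample line and the %LINK-3-UPDOWN line are taken from this page; the other lines, including the address layout of the "Invalid MD5 digest" line, are constructed for illustration, and the function and field names are hypothetical.

```python
import re
from collections import Counter

BGP_PORT = 179

# Matches both message variants and captures the segment's source and destination.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (?P<kind>No|Invalid) MD5 digest from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) to "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\)"
)

# What each variant says about the segment the logging router received.
MEANING = {
    "No": "segment carried no MD5 option: the sender has no password "
          "configured for this neighbor",
    "Invalid": "MD5 option present but the digest differs: the passwords do "
               "not match or the segment was rewritten in transit",
}


def triage(lines):
    """Group BADAUTH events by (sender, receiver, kind), most frequent first."""
    counts = Counter()
    for line in lines:
        m = BADAUTH.search(line)
        if not m:
            continue  # unrelated syslog line
        is_bgp = BGP_PORT in (int(m["sport"]), int(m["dport"]))
        counts[(m["src"], m["dst"], m["kind"], is_bgp)] += 1
    return [
        {
            "sender": src,
            "receiver": dst,  # the device that logged the event
            "kind": kind,
            "bgp": is_bgp,  # one side of the TCP session is port 179
            "count": n,
            "meaning": MEANING[kind],
        }
        for (src, dst, kind, is_bgp), n in counts.most_common()
    ]


SAMPLE_LOG = [
    # From this page:
    "976691: Jan  6 14:13:57.666 IND: %TCP-6-BADAUTH: No MD5 digest from "
    "10.201.252.113(179) to 10.201.252.2(42451) (RST)",
    # Constructed repeats of the same condition on later connection attempts:
    "976692: Jan  6 14:14:27.702 IND: %TCP-6-BADAUTH: No MD5 digest from "
    "10.201.252.113(179) to 10.201.252.2(42452) (RST)",
    "976693: Jan  6 14:14:57.811 IND: %TCP-6-BADAUTH: No MD5 digest from "
    "10.201.252.113(179) to 10.201.252.2(42453) (RST)",
    # Constructed example of the other variant:
    "000101: Jan  6 14:15:02.120 IND: %TCP-6-BADAUTH: Invalid MD5 digest from "
    "192.0.2.10(50000) to 198.51.100.2(179)",
    # Unrelated line from this page, ignored by the parser:
    "Jan 29 10:58:52.373: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/16, "
    "changed state to up",
]

if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        proto = "BGP" if event["bgp"] else "TCP"
        print(f'{event["count"]:3d}x {proto} {event["sender"]} -> '
              f'{event["receiver"]}: {event["meaning"]}')
```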

  • Profiling Problem & Web Authentication Proxy

    Dear All,
    I am facing problem with profiling of workstation over wireless network as ISE is marking these workstations as 'Unknown'. Whereas if I connect same workstation using wired connection then it gets profiled in the right category.
    Profiling for wireless network was working fine initially but as soon as I pointed AAA towards ISE in the employee SSID then ISE started marking any new workstation as 'Unknown'. Before enabling AAA in the WLAN (SSID) the profiling was working fine using 'Radius NAC' setting in advanced tab of the same SSID. Because of the unknown category, workstation gets authorization rejection as per the authorization policy.
    I have another query regarding enabling 'web authentication proxy' on Cisco WLC. I have guest wireless setup using dedicated anchor controller and ISE is providing the guest sponsor and guest portal services. So when a guest user comes in and if the user already has some proxy configured in the browser then url redirection for guest portal doesn't work and guest user must remove the proxy.
    So this requires someone to engage with the guest user, but the client wants this process to be automatic. I have gone through following document,
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b8a909.shtml
    but I am not sure if this solution will also work if the guest portal service is through ISE instead of WLC itself ??
    Thanks & Regards,
    Mujeeb

    Not a problem. The reason your profiling is failing for wireless users is that the profiling information for DHCP isn't hitting the ISE nodes. For the wired devices are you using the DHCP probe to profile the users? If so, then your issue is with the DHCP proxy setting on the controller. Even though you have the ip helper statement on the SVI, essentially your controller is proxying the DHCP broadcasts from the client straight to the DHCP server, so even if you enable the ip helper statements on the SVI for the ISE nodes it will not work.
    You are correct for the guests; typically if a guest has enabled proxy settings before, they should know that they should probably disable this setting when they connect to a new network.
    Also I cannot remember, but aren't the proxy settings configured under the network settings tab? Meaning the only time you would experience this issue is if the SSID you are broadcasting is the same as the SSID they have connected to previously?
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • 802.1X authentication not happening in Voice Domain for IP Phone

    I am trying to lab as many scenarios as I can for 802.1x.  I seem to have hit a problem with IP Phones running EAP-MD5 authentication.  The phones are always being authenticated in the Data Domain.  This is regardless of whether or not the port configuration is in: host-mode multi-auth, or, host-mode multi-domain.  After a while of both ports appearing to authenticate in the data VLAN, neither the PC nor the Phone will work.
    I have checked that my ACS5.1 server is sending the appropriate AV pair of "device-traffic-class=voice" as I can see it in a wireshark trace.
    What other aspects might I need to check to get the phone to authenticate itself properly?
    The problem shows itself as:
    C3750G#sh authentication sessions int gi 1/0/16
                Interface:  GigabitEthernet1/0/16
              MAC Address:  001d.452d.53e0
               IP Address:  Unknown
                User-Name:  CP-7942G-SEP001D452D53E0
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
               Vlan Group:  N/A
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  C0A8FE2500000014000F6B8F
          Acct Session ID:  0x00000036
                   Handle:  0xC8000014
    Runnable methods list:
           Method   State
           dot1x    Authc Success
                Interface:  GigabitEthernet1/0/16
              MAC Address:  0014.c209.896f
               IP Address:  192.168.10.2
                User-Name:  TEST\TestAdmin
                   Status:  Running
                   Domain:  UNKNOWN
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-domain
         Oper control dir:  both
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  C0A8FE2500000013000F5A42
          Acct Session ID:  0x00000034
                   Handle:  0x27000013
    Runnable methods list:
           Method   State
           dot1x    Running
    My port config is:
    interface GigabitEthernet1/0/16
    description * 802.1x Multi Domain (1Phone + 1PC) *
    switchport access vlan 10
    switchport mode access
    switchport voice vlan 11
    priority-queue out
    authentication host-mode multi-domain
    authentication port-control auto
    udld port aggressive
    mls qos trust dscp
    dot1x pae authenticator
    spanning-tree portfast
    end

    For information, the debugs you request are:
    Jan 29 10:58:46.317: %ILPOWER-7-DETECT: Interface Gi1/0/16: Power Device detected: IEEE PD
    Jan 29 10:58:46.770: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/16: Power granted
    Jan 29 10:58:50.377: AAA/BIND(0000001D): Bind i/f
    Jan 29 10:58:52.373: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/16, changed state to up
    Jan 29 10:58:53.380: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/16, changed state to up
    Jan 29 10:58:54.789: %AUTHMGR-5-START: Starting 'dot1x' for client (001d.452d.53e0) on Interface Gi1/0/16 AuditSessionID C0A8FE2500000018002FB1D0
    Jan 29 10:58:56.920: AAA/AUTHEN/8021X (0000001D): Pick method list 'default'
    Jan 29 10:58:56.920: RADIUS/ENCODE(0000001D):Orig. component type = DOT1X
    Jan 29 10:58:56.920: RADIUS(0000001D): Config NAS IP: 192.168.254.37
    Jan 29 10:58:56.920: RADIUS/ENCODE(0000001D): acct_session_id: 54
    Jan 29 10:58:56.920: RADIUS(0000001D): sending
    Jan 29 10:58:56.920: RADIUS(0000001D): Send Access-Request to 192.168.254.51:1645 id 1645/52, len 237
    Jan 29 10:58:56.920: RADIUS:  authenticator 89 81 92 2C AA 6B E6 E6 - CA 2C 3A 0D E1 C5 28 ED
    Jan 29 10:58:56.928: RADIUS:  User-Name           [1]   26  "CP-7942G-SEP001D452D53E0"
    Jan 29 10:58:56.928: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Jan 29 10:58:56.928: RADIUS:  Framed-MTU          [12]  6   1500
    Jan 29 10:58:56.928: RADIUS:  Called-Station-Id   [30]  19  "30-37-A6-AB-8E-90"
    Jan 29 10:58:56.928: RADIUS:  Calling-Station-Id  [31]  19  "00-1D-45-2D-53-E0"
    Jan 29 10:58:56.928: RADIUS:  EAP-Message         [79]  31
    Jan 29 10:58:56.928: RADIUS:   02 01 00 1D 01 43 50 2D 37 39 34 32 47 2D 53 45 50 30 30 31 44  [CP-7942G-SEP001D]
    Jan 29 10:58:56.928: RADIUS:   34 35 32 44 35 33 45 30          [ 452D53E0]
    Jan 29 10:58:56.928: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:56.928: RADIUS:   83 AF F8 DB 44 0D 0A 46 70 2F 1E 8D 67 CE BC DD             [ DFp/g]
    Jan 29 10:58:56.928: RADIUS:  EAP-Key-Name        [102] 2   *
    Jan 29 10:58:56.928: RADIUS:  Vendor, Cisco       [26]  49
    Jan 29 10:58:56.928: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A8FE2500000018002FB1D0"
    Jan 29 10:58:56.928: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Jan 29 10:58:56.928: RADIUS:  NAS-Port            [5]   6   50116
    Jan 29 10:58:56.928: RADIUS:  NAS-Port-Id         [87]  23  "GigabitEthernet1/0/16"
    Jan 29 10:58:56.928: RADIUS:  NAS-IP-Address      [4]   6   192.168.254.37
    Jan 29 10:58:56.928: RADIUS(0000001D): Started 4 sec timeout
    Jan 29 10:58:56.928: RADIUS: Received from id 1645/52 192.168.254.51:1645, Access-Challenge, len 76
    Jan 29 10:58:56.928: RADIUS:  authenticator DA 45 B9 F8 80 48 A0 4B - F7 99 9B 1F DE 4F B2 9E
    Jan 29 10:58:56.928: RADIUS:  State               [24]  30
    Jan 29 10:58:56.937: RADIUS:   32 35 53 65 73 73 69 6F 6E 49 44 3D 41 43 53 2F  [25SessionID=ACS/]
    Jan 29 10:58:56.937: RADIUS:   38 35 36 37 30 35 31 38 2F 33 33 3B      [ 85670518/33;]
    Jan 29 10:58:56.937: RADIUS:  EAP-Message         [79]  8
    Jan 29 10:58:56.937: RADIUS:   01 51 00 06 0D 20                [ Q ]
    Jan 29 10:58:56.937: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:56.937: RADIUS:   3C F4 D9 93 82 EA FB 25 A7 9D C4 8F 14 3F 33 4F             [ <??3O]
    Jan 29 10:58:56.937: RADIUS(0000001D): Received from id 1645/52
    Jan 29 10:58:56.937: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
    Jan 29 10:58:57.046: AAA/AUTHEN/8021X (0000001D): Pick method list 'default'
    Jan 29 10:58:57.046: RADIUS/ENCODE(0000001D):Orig. component type = DOT1X
    Jan 29 10:58:57.046: RADIUS(0000001D): Config NAS IP: 192.168.254.37
    Jan 29 10:58:57.046: RADIUS/ENCODE(0000001D): acct_session_id: 54
    Jan 29 10:58:57.046: RADIUS(0000001D): sending
    Jan 29 10:58:57.046: RADIUS(0000001D): Send Access-Request to 192.168.254.51:1645 id 1645/53, len 244
    Jan 29 10:58:57.046: RADIUS:  authenticator BE 9B 32 59 45 BF 15 45 - E4 43 02 B5 B5 D7 ED 83
    Jan 29 10:58:57.046: RADIUS:  User-Name           [1]   26  "CP-7942G-SEP001D452D53E0"
    Jan 29 10:58:57.046: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Jan 29 10:58:57.046: RADIUS:  Framed-MTU          [12]  6   1500
    Jan 29 10:58:57.054: RADIUS:  Called-Station-Id   [30]  19  "30-37-A6-AB-8E-90"
    Jan 29 10:58:57.054: RADIUS:  Calling-Station-Id  [31]  19  "00-1D-45-2D-53-E0"
    Jan 29 10:58:57.054: RADIUS:  EAP-Message         [79]  8
    Jan 29 10:58:57.054: RADIUS:   02 51 00 06 03 04                 [ Q]
    Jan 29 10:58:57.054: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:57.054: RADIUS:   E0 B5 99 82 7E 9E 35 0F 78 D9 BD 4B 96 97 34 47            [ ~5xK4G]
    Jan 29 10:58:57.054: RADIUS:  EAP-Key-Name        [102] 2   *
    Jan 29 10:58:57.054: RADIUS:  Vendor, Cisco       [26]  49
    Jan 29 10:58:57.054: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A8FE2500000018002FB1D0"
    Jan 29 10:58:57.054: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Jan 29 10:58:57.054: RADIUS:  NAS-Port            [5]   6   50116
    Jan 29 10:58:57.054: RADIUS:  NAS-Port-Id         [87]  23  "GigabitEthernet1/0/16"
    Jan 29 10:58:57.054: RADIUS:  State               [24]  30
    Jan 29 10:58:57.054: RADIUS:   32 35 53 65 73 73 69 6F 6E 49 44 3D 41 43 53 2F  [25SessionID=ACS/]
    Jan 29 10:58:57.054: RADIUS:   38 35 36 37 30 35 31 38 2F 33 33 3B      [ 85670518/33;]
    Jan 29 10:58:57.054: RADIUS:  NAS-IP-Address      [4]   6   192.168.254.37
    Jan 29 10:58:57.054: RADIUS(0000001D): Started 4 sec timeout
    Jan 29 10:58:57.054: RADIUS: Received from id 1645/53 192.168.254.51:1645, Access-Challenge, len 95
    Jan 29 10:58:57.054: RADIUS:  authenticator D9 62 B7 27 8F 55 E9 88 - 41 01 D0 83 52 DF 36 29
    Jan 29 10:58:57.054: RADIUS:  State               [24]  30
    Jan 29 10:58:57.054: RADIUS:   32 35 53 65 73 73 69 6F 6E 49 44 3D 41 43 53 2F  [25SessionID=ACS/]
    Jan 29 10:58:57.063: RADIUS:   38 35 36 37 30 35 31 38 2F 33 33 3B      [ 85670518/33;]
    Jan 29 10:58:57.063: RADIUS:  EAP-Message         [79]  27
    Jan 29 10:58:57.063: RADIUS:   01 52 00 19 04 10 AA 6A A2 BC 63 1A C0 93 B8 58 67 F7 1A A5 FD 45 41 43 53         [ RjcXgEACS]
    Jan 29 10:58:57.063: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:57.063: RADIUS:   29 D2 66 87 4A 2F B3 9E B5 EC F9 4E 9F 62 82 5E           [ )fJ/Nb^]
    Jan 29 10:58:57.063: RADIUS(0000001D): Received from id 1645/53
    Jan 29 10:58:57.063: RADIUS/DECODE: EAP-Message fragments, 25, total 25 bytes
    Jan 29 10:58:57.079: AAA/AUTHEN/8021X (0000001D): Pick method list 'default'
    Jan 29 10:58:57.079: RADIUS/ENCODE(0000001D):Orig. component type = DOT1X
    Jan 29 10:58:57.079: RADIUS(0000001D): Config NAS IP: 192.168.254.37
    Jan 29 10:58:57.079: RADIUS/ENCODE(0000001D): acct_session_id: 54
    Jan 29 10:58:57.079: RADIUS(0000001D): sending
    Jan 29 10:58:57.079: RADIUS(0000001D): Send Access-Request to 192.168.254.51:1645 id 1645/54, len 284
    Jan 29 10:58:57.079: RADIUS:  authenticator 91 F4 7C C1 4E 79 27 AB - 2F 36 20 A8 9C 3F A9 76
    Jan 29 10:58:57.079: RADIUS:  User-Name           [1]   26  "CP-7942G-SEP001D452D53E0"
    Jan 29 10:58:57.088: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Jan 29 10:58:57.088: RADIUS:  Framed-MTU          [12]  6   1500
    Jan 29 10:58:57.088: RADIUS:  Called-Station-Id   [30]  19  "30-37-A6-AB-8E-90"
    Jan 29 10:58:57.088: RADIUS:  Calling-Station-Id  [31]  19  "00-1D-45-2D-53-E0"
    Jan 29 10:58:57.088: RADIUS:  EAP-Message         [79]  48
    Jan 29 10:58:57.088: RADIUS:   02 52 00 2E 04 10 45 2F B1 FC 60 CF 09 08 7B C4 F9 56 74 AF 44 E9 43 50 2D 37 39 34 32  [R.E/`{VtDCP-7942]
    Jan 29 10:58:57.088: RADIUS:   47 2D 53 45 50 30 30 31 44 34 35 32 44 35 33 45  [G-SEP001D452D53E]
    Jan 29 10:58:57.088: RADIUS:   30                 [ 0]
    Jan 29 10:58:57.088: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:57.088: RADIUS:   45 42 58 9F 75 14 09 A1 FC DD CD 26 B4 88 42 CF            [ EBXu&B]
    Jan 29 10:58:57.088: RADIUS:  EAP-Key-Name        [102] 2   *
    Jan 29 10:58:57.088: RADIUS:  Vendor, Cisco       [26]  49
    Jan 29 10:58:57.088: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A8FE2500000018002FB1D0"
    Jan 29 10:58:57.088: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Jan 29 10:58:57.088: RADIUS:  NAS-Port            [5]   6   50116
    Jan 29 10:58:57.088: RADIUS:  NAS-Port-Id         [87]  23  "GigabitEthernet1/0/16"
    Jan 29 10:58:57.088: RADIUS:  State               [24]  30
    Jan 29 10:58:57.088: RADIUS:   32 35 53 65 73 73 69 6F 6E 49 44 3D 41 43 53 2F  [25SessionID=ACS/]
    Jan 29 10:58:57.088: RADIUS:   38 35 36 37 30 35 31 38 2F 33 33 3B      [ 85670518/33;]
    Jan 29 10:58:57.088: RADIUS:  NAS-IP-Address      [4]   6   192.168.254.37
    Jan 29 10:58:57.088: RADIUS(0000001D): Started 4 sec timeout
    Jan 29 10:58:57.222: RADIUS: Received from id 1645/54 192.168.254.51:1645, Access-Accept, len 126
    Jan 29 10:58:57.222: RADIUS:  authenticator 7B A5 E0 B2 D6 15 90 26 - 8F 8F 64 B0 E6 94 D8 C7
    Jan 29 10:58:57.222: RADIUS:  User-Name           [1]   26  "CP-7942G-SEP001D452D53E0"
    Jan 29 10:58:57.222: RADIUS:  Class               [25]  22
    Jan 29 10:58:57.222: RADIUS:   43 41 43 53 3A 41 43 53 2F 38 35 36 37 30 35 31  [CACS:ACS/8567051]
    Jan 29 10:58:57.222: RADIUS:   38 2F 33 33              [ 8/33]
    Jan 29 10:58:57.222: RADIUS:  EAP-Message         [79]  6
    Jan 29 10:58:57.222: RADIUS:   03 52 00 04                 [ R]
    Jan 29 10:58:57.222: RADIUS:  Message-Authenticato[80]  18
    Jan 29 10:58:57.222: RADIUS:   E8 2E 9B FD C2 A8 D7 5E 86 DD 3C 67 FF 37 75 02            [ .^
    Jan 29 10:58:57.222: RADIUS:  Vendor, Cisco       [26]  34
    Jan 29 10:58:57.222: RADIUS:   Cisco AVpair       [1]   28  "device-traffic-class=voice"
    Jan 29 10:58:57.222: RADIUS(0000001D): Received from id 1645/54
    Jan 29 10:58:57.222: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
    Jan 29 10:58:57.222: AAA/AUTHOR (0000001D): Method list id=0 not configured. Skip author
    Jan 29 10:58:57.222: %DOT1X-5-SUCCESS: Authentication successful for client (001d.452d.53e0) on Interface Gi1/0/16 AuditSessionID
    Jan 29 10:58:57.222: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (001d.452d.53e0) on Interface Gi1/0/16 AuditSessionID C0A8FE2500000018002FB1D0
    Jan 29 10:58:57.239: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
    Jan 29 10:58:58.262: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (001d.452d.53e0) on Interface Gi1/0/16 AuditSessionID C0A8FE2500000018002FB1D0
