Такая проблема не проходит аутентификация через Radius server.
Настраивал всё по мануалу от cisco.
В Radius Client указывал , и management интерфейс, и интерфейс,который смотрит в “локалку”.
Во время второго случая,аутентификация прошла,но повторно подключиться не получилось.
Статистика с WLC
First Requests 5
Retry Requests 30
Accept Responses 2
Reject Responses 0
Challenge Responses 127
Malformed Messages 0
Bad Authenticator Msgs 0
В логах на Radius, access-request не приходит.
Только accaunting-request (4-ый тип сообщений).
При подключении клиента debug такой
reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.345: 74:29:af:2a:70:95 EAP-PARAM Debug - eap-params for Wlan-Id :10 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.345: 74:29:af:2a:70:95 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.345: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Connecting state
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.345: 74:29:af:2a:70:95 Sending EAP-Request/Identity to mobile 74:29:af:2a:70:95 (EAP Id 1)
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 Reset the reauth counter since EAPOL START has been received!!!
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 Received EAPOL START from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Connecting state
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 Sending EAP-Request/Identity to mobile 74:29:af:2a:70:95 (EAP Id 2)
*Dot1x_NW_MsgTask_5: Mar 02 11:12:55.346: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 Received EAPOL EAPPKT from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 Received Identity Response (count=1) from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 Resetting reauth count 1 to 0 for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 EAP State update from Connecting to Authenticating for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Authenticating state
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 Entering Backend Auth Response state for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:02.769: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.779: 74:29:af:2a:70:95 Reset the reauth counter since EAPOL START has been received!!!
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 Received EAPOL START from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Aborting state
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Connecting state
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 Sending EAP-Request/Identity to mobile 74:29:af:2a:70:95 (EAP Id 4)
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:07.780: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*IPv6_Msg_Task: Mar 02 11:13:14.103: 74:29:af:2a:70:95 IP Addr Clear. AP MAC[50:67:ae:40:5a:40] Role[Unassociated] Pem State [8021X_REQD] Connected Time[19]
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 Received EAPOL EAPPKT from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 Received Identity Response (count=1) from mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 Resetting reauth count 1 to 0 for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 EAP State update from Connecting to Authenticating for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 dot1x - moving mobile 74:29:af:2a:70:95 into Authenticating state
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.346: 74:29:af:2a:70:95 Entering Backend Auth Response state for mobile 74:29:af:2a:70:95
*Dot1x_NW_MsgTask_5: Mar 02 11:13:16.347: 74:29:af:2a:70:95 reauth_sm state transition 0 —> 0 for mobile 74:29:af:2a:70:95 at 1x_reauth_sm.c:71
Напрягает ,строчка Reset the reauth counter since EAPOL START has been received!!!
И отстуствие 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
Может кто сталкивался с такой проблемой? И кто поможет советом?