locked
NAP Enforcement 802.1x RRS feed

  • Question

  • Dear All,

    I need your help for below points -

    1. Cisco switch 3550 configuration steps with command
    2. is there any group policy have to enable

    we have Cisco ACS 3.0 in our environment.

    NAP is already running in our environment with IP Sec enforcement.

    your kind help will be highly appreciated.


    Rakesh Kumar
    • Edited by Kumar Rakesh Tuesday, December 8, 2009 5:20 AM forgotten some point
    Tuesday, December 8, 2009 5:16 AM

Answers

All replies

  • Hi
    1: Read this great blog.
        http://blogs.technet.com/nap/archive/2008/06/19/nap-802-1x-configuration-walkthrough.aspx

    2: What's your client OS?

    /Johan

    Wednesday, December 9, 2009 6:38 AM
  • Hi,

    Regarding Cisco configuration, it’s suggested to consult Cisco support to get better support there. They are the best resource for their product.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, December 11, 2009 8:08 AM
  • Dear All,

    I have configured the my LAB setup for 802.1x and configured the Cisco switch Catalyst 3560(IOS 12.2) as per below link-

    http://napteam.members.winisp.net/Cisco%20Catalyst%203550.txt

    I have a problem that clients are not getting IP Address from DHCP server.

    let me clear my LAB environment -
    1. 2 DC in windows 2003 domain with 2K3 forest functional level
    2. Schema master is 2K3 DC and ADC on win 2K8.
    3. One NAP server on win 2k8
    4. 2 Client PC one is win2K8 and second is XP SP3
    5. One DHCP on win2K8
    6. Both clients are not getting IP Address from DHCP
    7. There are three VLANs created for Servers, Complaint and noncompliant.
    My question –
    1.    Why client authentication getting failed.
    2.    Why clients are not getting IP address.
    3.    Is there any other configuration required on switch or DHCP or NAP
    4.    The configuration for NAP and Switch that was provided to you is correct as per best   practice or not
    5.    Is there any possibility to integrate Cisco ACS with NAP

    Errors on client PCs:
    1 Win2K8 Client-
    Log Name:      Microsoft-Windows-Wired-AutoConfig/Operational
    Source:        Microsoft-Windows-Wired-AutoConfig
    Date:          08-12-2009 22:33:13
    Event ID:      15514
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      SCCM.NAP.COM
    Description:
    Wired 802.1X Authentication failed.

     Network Adapter: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
     Interface GUID: {a49d1828-4b44-4e8a-a33f-fc8184afce09}
     Peer Address: 001955AE3E83
     Local Address: 0019D1B008FC
     Connection ID: 0x5
     Identity: NAP\napuser
     User: napuser
     Domain: NAP
     Reason: 0x50005
     Reason Text: Explicit Eap failure received
     Error Code: 0x40420110
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Wired-AutoConfig" Guid="{b92cf7fd-dc10-4c6b-a72d-1613bf25e597}" />
        <EventID>15514</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2009-12-08T17:03:13.775Z" />
        <EventRecordID>85</EventRecordID>
        <Correlation />
        <Execution ProcessID="1076" ThreadID="1416" />
        <Channel>Microsoft-Windows-Wired-AutoConfig/Operational</Channel>
        <Computer>SCCM.NAP.COM</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="InterfaceGuid">{A49D1828-4B44-4E8A-A33F-FC8184AFCE09}</Data>
        <Data Name="InterfaceDescription">Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)</Data>
        <Data Name="SwitchMAC">001955AE3E83</Data>
        <Data Name="LocalMAC">0019D1B008FC</Data>
        <Data Name="ConnectionID">0x5</Data>
        <Data Name="Identity">NAP\napuser</Data>
        <Data Name="User">napuser</Data>
        <Data Name="Domain">NAP</Data>
        <Data Name="ReasonCode">0x50005</Data>
        <Data Name="ReasonText">Explicit Eap failure received</Data>
        <Data Name="ErrorCode">0x40420110</Data>
      </EventData>
    </Event>
    2. XP Client 
     The IP Address lease 0.0.0.0 for networkcard with network address 001cc04eb2b2 has been denied by the DHCP server 192.168.0.4 (the DHCP server sent the DHCPNACK message)
    3. NAP Server error
    Log Name:      System
    Source:        NPS
    Date:          08-12-2009 23:09:32
    Event ID:      18
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      NPS.NAP.COM
    Description:
    An Access-Request message was received from RADIUS client 192.168.0.1 with a message authenticator attribute that is not valid.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="NPS" />
        <EventID Qualifiers="49152">18</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2009-12-08T17:39:32.000Z" />
        <EventRecordID>1747</EventRecordID>
        <Channel>System</Channel>
        <Computer>NPS.NAP.COM</Computer>
        <Security />
      </System>
      <EventData>
        <Data>192.168.0.1</Data>
      </EventData>
    </Event>
    4. Switch configuration
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.12.08 22:58:16 =~=~=~=~=~=~=~=~=~=~=~=

    NAP-Test_Switch#sh ver
    Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Mon 16-Jul-07 03:11 by myl
    Image text-base: 0x00003000, data-base: 0x01300000

    ROM: Bootstrap program is C3560 boot loader
    BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

    NAP-Test_Switch uptime is 2 hours, 54 minutes
    System returned to ROM by power-on
    System image file is "flash:/c3560-ipservicesk9-mz.122-25.SEE4.bin"


    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    export@cisco.com.

    cisco WS-C3560-24TS (PowerPC405) processor (revision D0) with 118784K/12280K bytes of memory.
    Processor board ID CAT1036RKAD
    Last reset from power-on
    5 Virtual Ethernet interfaces
    24 FastEthernet interfaces
    2 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.

    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address       : 00:19:55:AE:3E:80
    Motherboard assembly number     : 73-9897-06
    Power supply part number        : 341-0097-02
    Motherboard serial number       : CAT1036537X
    Power supply serial number      : DCA10324VX4
    Model revision number           : D0
    Motherboard revision number     : A0
    Model number                    : WS-C3560-24TS-S
    System serial number            : CAT1036RKAD
    Top Assembly Part Number        : 800-26160-02
    Top Assembly Revision Number    : C0
    Version ID                      : V02
    CLEI Code Number                : COMMG00ARB
    Hardware Board Revision Number  : 0x01


    Switch   Ports  Model              SW Version              SW Image           
    ------   -----  -----              ----------              ----------         
    *    1   26     WS-C3560-24TS      12.2(25)SEE4            C3560-IPSERVICESK9-M


    Configuration register is 0xF

    NAP-Test_Switch#
    NAP-Test_Switch#
    NAP-Test_Switch#sh run
    Building configuration...

    Current configuration : 2563 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname NAP-Test_Switch
    !
    !
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    !
    aaa session-id common
    vtp domain VIRSTRA_PUNE
    vtp mode transparent
    ip subnet-zero
    ip routing
    !
    ip dhcp-server 192.168.0.4
    !
    !
    !
    !
    !
    dot1x system-auth-control
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    vlan 10
     name FullAccess
    !
    vlan 20
     name RestrictedAccess
    !
    vlan 30
     name Server
    !
    vlan 200
     name PUNE-SW-Management
    !
    !
    interface FastEthernet0/1
     switchport access vlan 20
     switchport mode access
     dot1x pae authenticator
     dot1x port-control auto
     dot1x guest-vlan 20
     spanning-tree portfast
     spanning-tree bpdufilter disable
     spanning-tree bpduguard disable
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
     switchport access vlan 30
     switchport mode access
    !
    interface FastEthernet0/14
     switchport access vlan 30
     switchport mode access
    !
    interface FastEthernet0/15
     switchport access vlan 30
     switchport mode access
    !
    interface FastEthernet0/16
     switchport access vlan 30
     switchport mode access
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan10
     description *** Full Access ***
     ip address 192.168.1.1 255.255.255.0
     ip helper-address 192.168.0.4
    !
    interface Vlan20
     description *** RestrictedAccess ***
     ip address 10.1.1.1 255.255.255.0
     ip helper-address 192.168.0.4
    !
    interface Vlan30
     description *** Server Segment ***
     ip address 192.168.0.1 255.255.255.0
    !
    interface Vlan200
     ip address 192.168.66.231 255.255.255.240
     shutdown
    !
    ip classless
    ip http server
    ip http secure-server
    !
    !
    radius-server host 192.168.0.5 auth-port 1645 acct-port 1646 key secret
    radius-server retransmit 2
    radius-server timeout 2
    !
    control-plane
    !
    !
    line con 0
    line vty 5 15
    !
    end

    NAP-Test_Switch#
    NAP-Test_Switch#
    NAP-Test_Switch#
    NAP-Test_Switch#sh ip int brief
    Interface              IP-Address      OK? Method Status                Protocol
    Vlan1                  unassigned      YES manual administratively down down   
    Vlan10                 192.168.1.1     YES manual up                    down   
    Vlan20                 10.1.1.1        YES manual up                    down   
    Vlan30                 192.168.0.1     YES manual up                    up     
    Vlan200                192.168.66.231  YES manual administratively down down   
    FastEthernet0/1        unassigned      YES unset  up                    down   
    FastEthernet0/2        unassigned      YES unset  down                  down   
    FastEthernet0/3        unassigned      YES unset  down                  down   
    FastEthernet0/4        unassigned      YES unset  down                  down   
    FastEthernet0/5        unassigned      YES unset  down                  down   
    FastEthernet0/6        unassigned      YES unset  down                  down   
    FastEthernet0/7        unassigned      YES unset  down                  down   
    FastEthernet0/8        unassigned      YES unset  down                  down   
    FastEthernet0/9        unassigned      YES unset  down                  down   
    FastEthernet0/10       unassigned      YES unset  down                  down   
    FastEthernet0/11       unassigned      YES unset  down                  down   
    FastEthernet0/12       unassigned      YES unset  down                  down   
    FastEthernet0/13       unassigned      YES unset  up                    up     
    FastEthernet0/14       unassigned      YES unset  down                  down   
    FastEthernet0/15       unassigned      YES unset  up                    up     
    FastEthernet0/16       unassigned      YES unset  up                    up     
    FastEthernet0/17       unassigned      YES unset  down                  down   
    FastEthernet0/18       unassigned      YES unset  down                  down   
    FastEthernet0/19       unassigned      YES unset  down                  down   
    FastEthernet0/20       unassigned      YES unset  down                  down   
    FastEthernet0/21       unassigned      YES unset  down                  down   
    FastEthernet0/22       unassigned      YES unset  down                  down   
    FastEthernet0/23       unassigned      YES unset  down                  down   
    FastEthernet0/24       unassigned      YES unset  down                  down   
    GigabitEthernet0/1     unassigned      YES unset  down                  down   
    GigabitEthernet0/2     unassigned      YES unset  down                  down   
    NAP-Test_Switch#
    NAP-Test_Switch#
    NAP-Test_Switch#

    rest in next thread


    Rakesh Kumar
    • Edited by Kumar Rakesh Friday, December 11, 2009 6:47 PM adding comments
    Friday, December 11, 2009 6:45 PM
  • continue of previous thread - NAP Server configuration - - Connections_to_other_access_servers Connections_to_Microsoft_Routing_and_Remote_Access_server Use_Windows_authentication_for_all_users - 8 - - - - - - 1 2 3 4 9 10 0 1 - - 1 2 5 4 10 3 9 0d000000000000000000000000000000 0 2 14 1 0100000048000000010000000100FFFF2800000001000000200000000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000 - - 1 1 1 3 9 4 10 0 1 1 2 6 10 13 - - 1 0 1 1 3 9 4 10 1 1 20 1 2 6 20 13 50 120 - - 1 1 1 3 9 4 10 1 1 20 1 2 6 20 13 - - - - Connections to other access servers TIMEOFDAY("0 00:00-24:00; 1 00:00-24:00; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00") 999999 - - Connections to Microsoft Routing and Remote Access server MATCH("MS-RAS-Vendor=^311$") 999998 - - 1 0 NAP 802.1X (Wired) Compliant SHV("NAP 802.1X (Wired) Compliant") MACHINENTGROUPS("S-1-5-21-2711027617-1583005422-2415699185-1113") 3 - - 1 0 NAP 802.1X (Wired) Noncompliant SHV("NAP 802.1X (Wired) Noncompliant") MACHINENTGROUPS("S-1-5-21-2711027617-1583005422-2415699185-1113") 4 - - 1 0 NAP 802.1X (Wired) Non NAP-Capable MATCH("Not-Quarantine-Capable=^1$") MATCH("NAS-Port-Type=^15$") MACHINENTGROUPS("S-1-5-21-2711027617-1583005422-2415699185-1113") 5 - - - - Use Windows authentication for all users TIMEOFDAY("0 00:00-24:00; 1 00:00-24:00; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00") 999999 - - 1 0 NAP 802.1X (Wired) MATCH("NAS-Port-Type=^15$") 2 - - - - 1 - - 1 190000000000000000000000000000003800000002000000380000000300000014000000c00da2acfb751295f9b9b1b65bf31ac378a34abf0100000001000000100000001a00000000000000 19000000000000000000000000000000 5 4 1 - - - - IAS.IasHelper 262145 - - - - - - 0 - - 43 - - 5 - - 181 - - 529 - - 14 - - 272 - - 52 - - 9 - - 332 - - 434 - - 64 - - 343 - - 244 - - 307 - - 1 - - 166 - - 117 - - 429 - - 15 - - 311 - - 2352 - - 562 - - - - 192.168.0.1 0 0 1 0 secret - 1813,1646 1812,1645 262144 IAS.RadiusProtocol - - - - IAS.PolicyEnforcer 7 - - IAS.NTSamAuthentication 1 1 - - IAS.ProxyPolicyEnforcer 5 - - IAS.RadiusProxy 8 - - IAS.Accounting 9 1 1 1 65535 1 1 3 10 - - IAS.DatabaseAccounting 13 1 1 1 1 2 - - IAS.PostQuarantineEvaluator 14 - - - - 524288 IAS.NTEventLog 1 1 1 - - - - - - 0 00013780 - - 3 00013780 - NPS - - - - - - IAS.SdoClient {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Require_Signature Shared_Secret NAS_Manufacturer IP_Address Quarantine_Compatible Radius_Client_Enabled - - IAS.SdoCondition Condition_Text {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} - - IAS.SdoPolicy {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} msNPConstraint msNPSequence msNPAction Policy_Action Conditions Policy_Enabled Policy_SourceTag - - IAS.SdoProfile Profile_Attributes {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} - - IAS.NTEventLog Component_Id Component_Prog_Id Log_Application_Events Log_Malformed_Packets Log_Verbose {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} - - IAS.PolicyEnforcer Component_Id Component_Prog_Id NAP_Policies SHV_Templates_Configuration {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} - - IAS.NTSamAuthentication Allow_LM_Authentication Component_Id Component_Prog_Id {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} - - IAS.Accounting {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id Log_Accounting_Packets Log_Interim_Accounting_Packets Log_Authentication_Packets New_Log_Frequency New_Log_Size Log_File_Directory Log_Format Delete_If_Full Log_Interim_Authentication_Packets - - IAS.SdoServiceIAS {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Description Policies Profiles Protocols Auditors Request_Handlers RADIUS_Server_Groups Proxy_Policies Proxy_Profiles Remediation_Server_Groups SHV_Templates - - IAS.RadiusProtocol {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id Vendor_Information Clients Authentication_Port Accounting_Port - - IAS.IasHelper {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id - - IAS.SdoVendor {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} NAS_Vendor_Id - - IAS.SdoRadiusServerGroup {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Servers - - IAS.SdoRadiusServer {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Server_Accounting_Port Server_Authentication_Port Accounting_Secret Authentication_Secret Address Forward_Accounting_On_Off Priority Weight Timeout Maximum_Lost_Packets Blackout_Interval Send_Signature - - IAS.ProxyPolicyEnforcer {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id NAP_Policies SHV_Templates_Configuration - - IAS.RadiusProxy {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id Server_Groups - - IAS.DatabaseAccounting {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id Log_Accounting_Packets Log_Interim_Accounting_Packets Log_Authentication_Packets SQL_Max_Sessions Log_Interim_Authentication_Packets - - IAS.SdoRemediationServerGroup {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Remediation_Servers - - IAS.SdoRemediationServer {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Remediation_Server_Address Remediation_Server_Friendly_Name - - IAS.SdoShvTemplate {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Shv_List Shv_Combination_Type - - IAS.PostQuarantineEvaluator {46557888-4DB8-11d2-8ECE-00C04FC2F519} {46557889-4DB8-11d2-8ECE-00C04FC2F519} Component_Id Component_Prog_Id Remediation_Server_Groups_Servers - - - - 3 96 8 255 - - 1025 450 9 - - 1026 450 9 - - 1027 450 9 - - 1028 450 9 - - 1029 450 9 - - 1024 1088 11 0 - - 1026 112 8 0 64 - - 1027 1088 3 0 - - 1028 64 8 - - 1024 64 8 - - 1027 3136 8 1813,1646 - - 1028 3136 8 1812,1645 - - 1029 2498 9 - - 1026 3136 11 1 - - 1027 3136 11 0 - - 1028 3136 11 0 - - 1026 3136 11 1 - - 1026 3136 11 0 - - 1027 3136 11 0 - - 1028 3136 11 0 - - 1029 3148 3 0 0 5 - - 1030 3148 3 10 1 100000 - - 1031 3184 8 1 255 %windir%\LogFiles - - 1032 3136 3 0 - - 1024 64 3 - - 1025 64 8 - - 1025 448 8 - - 1026 2242 9 - - 1024 576 8 - - 1025 64 3 - - 1028 112 8 1 255 - - 1029 193 9 - - 1030 450 9 - - 1024 450 9 - - 1036 192 0 - - 1024 320 3 - - 1030 450 9 - - 1030 450 9 - - 1031 450 9 - - 1024 450 9 - - 1024 450 9 - - 1026 1024 3 1813 - - 1027 0 8 - - 1024 1024 3 1812 - - 1025 1024 8 -
    - 1028 0 8
    - - 1029 1024 11 1 - - 1030 1024 3 1 - - 1031 1024 3 50 - - 1026 2242 9 - - 1032 1024 3 3 - - 1033 1024 3 5 - - 1034 1024 3 30 - - 1034 3072 11 0 - - 1035 2060 3 1 100 - - 1036 3072 11 0 - - 1029 1088 11 0 - - 1031 1088 11 1 - - 1032 450 9 - - 1024 450 9 - - 1024 0 8 - - 1025 0 8 - - 1033 450 9 - - 1025 112 8 1 255 - - 1024 1024 3 0 - - 1026 2242 9 - - 1027 2242 9 - - 1030 1088 11 1 - - 1035 1088 11 1 - - 1032 1088 3 0 - - - - - -
    Rakesh Kumar
    Friday, December 11, 2009 6:50 PM
  • Hi,

    I see this error:

    An Access-Request message was received from RADIUS client 192.168.0.1 with a message authenticator attribute that is not valid.

    Please check the shared secret on your switch and NPS and make sure they are both the same.

    This link has some information about this error: http://technet.microsoft.com/en-us/library/cc735343(WS.10).aspx

    -Greg

    Tuesday, December 15, 2009 2:19 AM