Сначала была злость потом отчаянье 3-я стадия пофигизм. Доброго времени суток. Не могу решить проблему авторицация по PEAP. В кишках уже сидит. Хочу сделать авторизацию людей на Wi-Fi по PEAP использую встроенный в 871W радиус сервер Вот конфига вот лог что делать я уже незнаю перерыл все
######################################################################################
aaa new-model
!
!
aaa group server radius rad_eap
server 10.0.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eapinterface Dot11Radio0
ip address 10.0.0.1 255.255.255.0
!
encryption key 1 size 40bit 7 5FD518A21653 transmit-key
encryption mode wep mandatory
!
ssid SEC
authentication open eap eap_methods
guest-mode
radius-server local
nas 10.0.0.1 key 7 094F471A1A0A
user 1 nthash 7 055D5F56751F6D5C3C5344305F2856097A747C171700302447565005017A04062C
!
radius-server host 10.0.0.1 auth-port 1812 acct-port 1813 key 7 0822455D0A16
А вот собственно логи
#######################################################################################
009022: Feb 27 19:46:27.107 EET: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
009023: Feb 27 19:46:27.107 EET: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 0016.b692.fa1c
009024: Feb 27 19:46:27.107 EET: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds
009025: Feb 27 19:46:29.235 EET: dot11_auth_parse_client_pak: Received EAPOL packet from 0016.b692.fa1c
009026: Feb 27 19:46:29.239 EET: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0016.b692.fa1c
009027: Feb 27 19:46:29.239 EET: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 0016.b692.fa1c
009028: Feb 27 19:46:29.239 EET: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds
009029: Feb 27 19:46:30.296 EET: dot11_auth_parse_client_pak: Received EAPOL packet from 0016.b692.fa1c
009030: Feb 27 19:46:30.296 EET: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0016.b692.fa1c
009031: Feb 27 19:46:30.296 EET: dot11_auth_dot1x_send_id_req_to_client: sending identity request for 0016.b692.fa1c
009032: Feb 27 19:46:30.296 EET: dot11_auth_dot1x_send_id_req_to_client: Started timer client_timeout 30 seconds
009033: Feb 27 19:46:36.819 EET: dot11_auth_parse_client_pak: Received EAPOL packet from 0016.b692.fa1c
009034: Feb 27 19:46:36.819 EET: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0016.b692.fa1c
009035: Feb 27 19:46:36.819 EET: dot11_auth_dot1x_send_response_to_server: Sending client 0016.b692.fa1c data to server
009036: Feb 27 19:46:36.819 EET: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
009037: Feb 27 19:46:36.819 EET: RADIUS/ENCODE(00000582):Orig. component type = DOT11_AUTH
009038: Feb 27 19:46:36.819 EET: RADIUS: AAA Unsupported Attr: interface [158] 3
009039: Feb 27 19:46:36.819 EET: RADIUS: 36 [6]
009040: Feb 27 19:46:36.819 EET: RADIUS(00000582): Config NAS IP: 0.0.0.0
009041: Feb 27 19:46:36.819 EET: RADIUS/ENCODE(00000582): acct_session_id: 1390
009042: Feb 27 19:46:36.823 EET: RADIUS(00000582): sending
009043: Feb 27 19:46:36.823 EET: RADIUS/ENCODE: Best Local IP-Address 10.0.0.1 for Radius-Server 10.0.0.1
009044: Feb 27 19:46:36.823 EET: RADIUS(00000582): Send Access-Request to 10.0.0.1:1812 id 1645/214, len 116
009045: Feb 27 19:46:36.823 EET: RADIUS: authenticator 79 FE 58 88 71 63 6E 0C - D9 DB E4 8A 08 6E 3A 99
009046: Feb 27 19:46:36.823 EET: RADIUS: User-Name [1] 3 "1"
009047: Feb 27 19:46:36.823 EET: RADIUS: Framed-MTU [12] 6 1400
009048: Feb 27 19:46:36.823 EET: RADIUS: Called-Station-Id [30] 16 "001a.6d78.7520"
009049: Feb 27 19:46:36.823 EET: RADIUS: Calling-Station-Id [31] 16 "0016.b692.fa1c"
009050: Feb 27 19:46:36.823 EET: RADIUS: Service-Type [6] 6 Login [1]
009051: Feb 27 19:46:36.823 EET: RADIUS: Message-Authenticato[80] 18
009052: Feb 27 19:46:36.823 EET: RADIUS: 9B B5 BF 34 F0 16 20 09 7C ED A7 EA D8 72 36 64 [???4?? ?|????r6d]
009053: Feb 27 19:46:36.823 EET: RADIUS: EAP-Message [79] 8
009054: Feb 27 19:46:36.823 EET: RADIUS: 02 03 00 06 01 31 [?????1]
009055: Feb 27 19:46:36.823 EET: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
009056: Feb 27 19:46:36.823 EET: RADIUS: NAS-Port [5] 6 678
009057: Feb 27 19:46:36.823 EET: RADIUS: NAS-Port-Id [87] 5 "678"
009058: Feb 27 19:46:36.823 EET: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
009059: Feb 27 19:46:36.827 EET: RADSRV 10.0.0.1> Code 1 Id D6 Len 116
009060: Feb 27 19:46:36.827 EET: Auth 79FE5888 71636E0C D9DBE48A 86E3A99
009061: Feb 27 19:46:36.827 EET: 1 - 1
009062: Feb 27 19:46:36.827 EET: 12 - 1400
009063: Feb 27 19:46:36.827 EET: 30 - 001a.6d78.7520
009064: Feb 27 19:46:36.827 EET: 31 - 0016.b692.fa1c
009065: Feb 27 19:46:36.827 EET: 6 - 00 00 00 01
009066: Feb 27 19:46:36.827 EET: 80 - 9B B5 BF 34 F0 16 20 09 7C ED A7 EA D8 72 36 64
009067: Feb 27 19:46:36.827 EET: 79 - 02 03 00 06 01 31
009068: Feb 27 19:46:36.827 EET: 61 - 19
009069: Feb 27 19:46:36.827 EET: 5 - 00 00 02 A6
009070: Feb 27 19:46:36.827 EET: 87 - 36 37 38
009071: Feb 27 19:46:36.827 EET: 4 - 10.0.0.1
009072: Feb 27 19:46:36.827 EET: RADSRV 10.0.0.1< Code 11 Id D6 Len 113
009073: Feb 27 19:46:36.827 EET: Auth 3E7FA2B5 DE53B501 9AC61F9F B115702A
009074: Feb 27 19:46:36.831 EET: 79 - 01 0C 00 11 11 01 00 08 69 C5 26 24 16 78 F1 C7 31
009075: Feb 27 19:46:36.831 EET: 27 - 00 00 00 0A
009076: Feb 27 19:46:36.831 EET: 24 - 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27
009077: Feb 27 19:46:36.831 EET: 80 - 57 5F 43 A0 4F 15 A8 66 A5 63 81 51 AD 6C 48 28
009078: Feb 27 19:46:36.831 EET: RADIUS: Received from id 1645/214 10.0.0.1:1812, Access-Challenge, len 113
009079: Feb 27 19:46:36.831 EET: RADIUS: authenticator 3E 7F A2 B5 DE 53 B5 01 - 9A C6 1F 9F B1 15 70 2A
009080: Feb 27 19:46:36.831 EET: RADIUS: EAP-Message [79] 19
009081: Feb 27 19:46:36.831 EET: RADIUS: 01 0C 00 11 11 01 00 08 69 C5 26 24 16 78 F1 C7 [????????i?&$?x??]
009082: Feb 27 19:46:36.831 EET: RADIUS: 31 [1]
009083: Feb 27 19:46:36.831 EET: RADIUS: Session-Timeout [27] 6 10
009084: Feb 27 19:46:36.831 EET: RADIUS: State [24] 50
009085: Feb 27 19:46:36.835 EET: RADIUS: 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 [i?&$?x??????????]
009086: Feb 27 19:46:36.835 EET: RADIUS: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [????????????????]
009087: Feb 27 19:46:36.835 EET: RADIUS: 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27 [D?-y????zT??G?!']
009088: Feb 27 19:46:36.835 EET: RADIUS: Message-Authenticato[80] 18
009089: Feb 27 19:46:36.835 EET: RADIUS: 57 5F 43 A0 4F 15 A8 66 A5 63 81 51 AD 6C 48 28 [W_C?O??f?c?Q?lH(]
009090: Feb 27 19:46:36.835 EET: RADIUS(00000582): Received from id 1645/214
009091: Feb 27 19:46:36.835 EET: RADIUS/DECODE: EAP-Message fragments, 17, total 17 bytes
009092: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
009093: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
009094: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_parse_aaa_resp: found session timeout 10 sec
009095: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0016.b692.fa1c
009096: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0016.b692.fa1c
009097: Feb 27 19:46:36.835 EET: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 10 seconds
009098: Feb 27 19:46:36.839 EET: dot11_auth_parse_client_pak: Received EAPOL packet from 0016.b692.fa1c
009099: Feb 27 19:46:36.839 EET: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0016.b692.fa1c
009100: Feb 27 19:46:36.839 EET: dot11_auth_dot1x_send_response_to_server: Sending client 0016.b692.fa1c data to server
009101: Feb 27 19:46:36.839 EET: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
009102: Feb 27 19:46:36.839 EET: RADIUS/ENCODE(00000582):Orig. component type = DOT11_AUTH
009103: Feb 27 19:46:36.839 EET: RADIUS: AAA Unsupported Attr: interface [158] 3
009104: Feb 27 19:46:36.839 EET: RADIUS: 36 [6]
009105: Feb 27 19:46:36.839 EET: RADIUS(00000582): Config NAS IP: 0.0.0.0
009106: Feb 27 19:46:36.839 EET: RADIUS/ENCODE(00000582): acct_session_id: 1390
009107: Feb 27 19:46:36.839 EET: RADIUS(00000582): sending
009108: Feb 27 19:46:36.839 EET: RADIUS/ENCODE: Best Local IP-Address 10.0.0.1 for Radius-Server 10.0.0.1
009109: Feb 27 19:46:36.843 EET: RADIUS(00000582): Send Access-Request to 10.0.0.1:1812 id 1645/215, len 166
009110: Feb 27 19:46:36.843 EET: RADIUS: authenticator 5C FA E2 34 33 0A 1A BB - 27 61 FD D8 C0 05 44 C8
009111: Feb 27 19:46:36.843 EET: RADIUS: User-Name [1] 3 "1"
009112: Feb 27 19:46:36.843 EET: RADIUS: Framed-MTU [12] 6 1400
009113: Feb 27 19:46:36.843 EET: RADIUS: Called-Station-Id [30] 16 "001a.6d78.7520"
009114: Feb 27 19:46:36.843 EET: RADIUS: Calling-Station-Id [31] 16 "0016.b692.fa1c"
009115: Feb 27 19:46:36.843 EET: RADIUS: Service-Type [6] 6 Login [1]
009116: Feb 27 19:46:36.843 EET: RADIUS: Message-Authenticato[80] 18
009117: Feb 27 19:46:36.843 EET: RADIUS: D5 0E 8B 18 E3 C8 32 5D 27 FD E8 E1 3C AD 84 DA [??????2]'???<???]
009118: Feb 27 19:46:36.843 EET: RADIUS: EAP-Message [79] 8
009119: Feb 27 19:46:36.843 EET: RADIUS: 02 0C 00 06 03 19 [??????]
009120: Feb 27 19:46:36.843 EET: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
009121: Feb 27 19:46:36.843 EET: RADIUS: NAS-Port [5] 6 678
009122: Feb 27 19:46:36.843 EET: RADIUS: NAS-Port-Id [87] 5 "678"
009123: Feb 27 19:46:36.843 EET: RADIUS: State [24] 50
009124: Feb 27 19:46:36.843 EET: RADIUS: 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 [i?&$?x??????????]
009125: Feb 27 19:46:36.843 EET: RADIUS: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [????????????????]
009126: Feb 27 19:46:36.843 EET: RADIUS: 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27 [D?-y????zT??G?!']
009127: Feb 27 19:46:36.843 EET: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
009128: Feb 27 19:46:36.847 EET: RADSRV 10.0.0.1> Code 1 Id D7 Len 166
009129: Feb 27 19:46:36.847 EET: Auth 5CFAE234 330A1ABB 2761FDD8 C00544C8
009130: Feb 27 19:46:36.847 EET: 1 - 1
009131: Feb 27 19:46:36.847 EET: 12 - 1400
009132: Feb 27 19:46:36.847 EET: 30 - 001a.6d78.7520
009133: Feb 27 19:46:36.847 EET: 31 - 0016.b692.fa1c
009134: Feb 27 19:46:36.847 EET: 6 - 00 00 00 01
009135: Feb 27 19:46:36.847 EET: 80 - D5 0E 8B 18 E3 C8 32 5D 27 FD E8 E1 3C AD 84 DA
009136: Feb 27 19:46:36.847 EET: 79 - 02 0C 00 06 03 19
009137: Feb 27 19:46:36.847 EET: 61 - 19
009138: Feb 27 19:46:36.847 EET: 5 - 00 00 02 A6
009139: Feb 27 19:46:36.847 EET: 87 - 36 37 38
009140: Feb 27 19:46:36.847 EET: 24 - 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27
009141: Feb 27 19:46:36.847 EET: 4 - 10.0.0.1
009142: Feb 27 19:46:36.847 EET: RADSRV 10.0.0.1< Code 3 Id D7 Len 94
009143: Feb 27 19:46:36.847 EET: Auth 7E4FAE49 1AC929CA 8944D47B EFC8457E
009144: Feb 27 19:46:36.847 EET: 79 - 04 0C 00 04
009145: Feb 27 19:46:36.851 EET: 24 - 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27
009146: Feb 27 19:46:36.851 EET: 80 - 44 42 1A 37 C1 E9 99 4E 76 78 9F 16 C4 3C 8D 11
009147: Feb 27 19:46:36.851 EET: RADIUS: Received from id 1645/215 10.0.0.1:1812, Access-Reject, len 94
009148: Feb 27 19:46:36.851 EET: RADIUS: authenticator 7E 4F AE 49 1A C9 29 CA - 89 44 D4 7B EF C8 45 7E
009149: Feb 27 19:46:36.851 EET: RADIUS: EAP-Message [79] 6
009150: Feb 27 19:46:36.851 EET: RADIUS: 04 0C 00 04 [????]
009151: Feb 27 19:46:36.851 EET: RADIUS: State [24] 50
009152: Feb 27 19:46:36.851 EET: RADIUS: 69 C5 26 24 16 78 F1 C7 00 00 00 00 00 00 00 00 [i?&$?x??????????]
009153: Feb 27 19:46:36.851 EET: RADIUS: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [????????????????]
009154: Feb 27 19:46:36.851 EET: RADIUS: 44 AC 2D 79 01 F2 9B BB 7A 54 85 B2 47 EB 21 27 [D?-y????zT??G?!']
009155: Feb 27 19:46:36.851 EET: RADIUS: Message-Authenticato[80] 18
009156: Feb 27 19:46:36.855 EET: RADIUS: 44 42 1A 37 C1 E9 99 4E 76 78 9F 16 C4 3C 8D 11 [DB?7???Nvx???<??]
009157: Feb 27 19:46:36.855 EET: RADIUS(00000582): Received from id 1645/215
009158: Feb 27 19:46:36.855 EET: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
009159: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
009160: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
009161: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0016.b692.fa1c
009162: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0016.b692.fa1c
009163: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 10 seconds
009164: Feb 27 19:46:36.855 EET: dot11_auth_dot1x_send_client_fail: Authentication failed for 0016.b692.fa1c
009165: Feb 27 19:46:36.859 EET: %DOT11-7-AUTH_FAILED: Station 0016.b692.fa1c Authentication failed
Кто чем может любіе советі или примеры рабочего конфига
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(??) on 27-Фев-07, 17:52 
