Test local radius on AP


It’s possible to test the local radius with a command. BUT… there is one restriction.
To have a pass, the local user must use the same password as the username otherwise you’ll see an error :

HomeOffice1242(config)#radius-server local
HomeOffice1242(config-radsrv)#user testuser pass cisco
HomeOffice1242(config-radsrv)#end

HomeOffice1242#test aaa group rad_eap1 leapuser4 cisco new
*Mar 1 00:41:30.730: %SYS-5-CONFIG_I: Configured from console by cisco on vtestuser testuser new
Trying to authenticate with Servergroup rad_eap1

HomeOffice1242#
*Mar 1 00:41:34.698: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Mar 1 00:41:34.698: RADIUS: AAA Unsupported Attr: interface [157] 0
*Mar 1 00:41:34.698: RADIUS/ENCODE: Skip encoding 0 length AAA attribute interface
*Mar 1 00:41:34.698: RADIUS/ENCODE(00000000): dropping service type, “radius-server attribute 6 on-for-login-auth” is off
*Mar 1 00:41:34.699: RADIUS(00000000): Config NAS IP: 192.168.22.61
*Mar 1 00:41:34.699: RADIUS(00000000): Config NAS IP: 192.168.22.61
*Mar 1 00:41:34.699: RADIUS(00000000): sending
*Mar 1 00:41:34.699: RADIUS(00000000): Send Access-Request to 192.168.22.61:1812 id 1645/27, len 76
*Mar 1 00:41:34.699: RADIUS: authenticator 7D 75 C1 E3 B7 19 A2 13 – E5 F0 86 7A EC 1A BD B7
*Mar 1 00:41:34.700: RADIUS: User-Password [2] 18 *
*Mar 1 00:41:34.700: RADIUS: User-Name [1] 10 “testuser”
*Mar 1 00:41:34.700: RADIUS: NAS-Port [5] 6 60000
*Mar 1 00:41:34.700: RADIUS: NAS-IP-Address [4] 6 192.168.22.61
*Mar 1 00:41:34.700: RADIUS: Nas-Identifier [32] 16 “HomeOffice1242”
*Mar 1 00:41:34.701: RADSRV 192.168.22.61> Code 1 Id 1B Len 76
*Mar 1 00:41:34.701: Auth 7D75C1E3 B719A213 E5F0867A EC1ABDB7
*Mar 1 00:41:34.701: 2 – 50 3B 63 1A 8D 39 D5 B5 FD CC F0 58 C1 A3 44 44
*Mar 1 00:41:34.701: 1 – testuser
*Mar 1 00:41:34.701: 5 – 00 00 EA 60
*Mar 1 00:41:34.702: 4 – 192.168.22.61
*Mar 1 00:41:34.702: 32 – HomeOffice1242
*Mar 1 00:41:34.702: RADSRV: Client testuser password failed
*Mar 1 00:41:34.702: RADSRV 192.168.22.61< Code 3 Id 1B Len 88
*Mar 1 00:41:34.702: Auth 69A1EC91 FFD7578B 940C67F7 B1BC1C89
*Mar 1 00:41:34.702: 24 – FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 27 51 15 61 39 C7 46 73 0D D6 46 05 7A F9 AA D1
*Mar 1 00:41:34.703: 80 – DD 71 B5 B5 05 0F 79 C4 FB 12 FB 23 72 D2 73 3D
*Mar 1 00:41:34.704: RADIUS: Received from id 1645/27 192.168.22.61:1812, Access-Reject, len 88
*Mar 1 00:41:34.704: RADIUS: authenticator 69 A1 EC 91 FF D7 57 8B – 94 0C 67 F7 B1 BC 1C 89
*Mar 1 00:41:34.704: RADIUS: State [24] 50
*Mar 1 00:41:34.705: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
*Mar 1 00:41:34.705: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
*Mar 1 00:41:34.705: RADIUS: 27 51 15 61 39 C7 46 73 0D D6 46 05 7A F9 AA D1 ['Q?a9?Fs??F?z???]
*Mar 1 00:41:34.705: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:41:34.705: RADIUS: DD 71 B5 B5 05 0F 79 C4 FB 12 FB 23 72 D2 73 3D [?q????y????#r?s=]
*Mar 1 00:41:34.706: RADIUS(00000000): Received from id 1645/27
*Mar 1 00:41:34.706: RADIUS(00000000): Unique id not in use
*Mar 1 00:41:34.706: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be storedUser rejected

HomeOffice1242#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HomeOffice1242(config)#radius-server loca
HomeOffice1242(config-radsrv)#user testuser pass testuser
HomeOffice1242(config-radsrv)#end
HomeOffice1242#test aaa group rad_eap1 testuser testuser new
*Mar 1 00:41:54.976: %SYS-5-CONFIG_I: Configured from console by cisco on vty1 (192.168.1.104)
Trying to authenticate with Servergroup rad_eap1
User successfully authenticated

HomeOffice1242#
*Mar 1 00:41:58.368: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Mar 1 00:41:58.368: RADIUS: AAA Unsupported Attr: interface [157] 0
*Mar 1 00:41:58.368: RADIUS/ENCODE: Skip encoding 0 length AAA attribute interface
*Mar 1 00:41:58.368: RADIUS/ENCODE(00000000): dropping service type, “radius-server attribute 6 on-for-login-auth” is off
*Mar 1 00:41:58.368: RADIUS(00000000): Config NAS IP: 192.168.22.61
*Mar 1 00:41:58.368: RADIUS(00000000): Config NAS IP: 192.168.22.61
*Mar 1 00:41:58.369: RADIUS(00000000): sending
*Mar 1 00:41:58.369: RADIUS(00000000): Send Access-Request to 192.168.22.61:1812 id 1645/28, len 76
*Mar 1 00:41:58.369: RADIUS: authenticator C1 62 89 D7 CA 71 DF C6 – 70 0B 2E B9 25 FC DD D1
*Mar 1 00:41:58.369: RADIUS: User-Password [2] 18 *
*Mar 1 00:41:58.369: RADIUS: User-Name [1] 10 “testuser”
*Mar 1 00:41:58.369: RADIUS: NAS-Port [5] 6 60000
*Mar 1 00:41:58.370: RADIUS: NAS-IP-Address [4] 6 192.168.22.61
*Mar 1 00:41:58.370: RADIUS: Nas-Identifier [32] 16 “HomeOffice1242”
*Mar 1 00:41:58.370: RADSRV 192.168.22.61> Code 1 Id 1C Len 76
*Mar 1 00:41:58.371: Auth C16289D7 CA71DFC6 700B2EB9 25FCDDD1
*Mar 1 00:41:58.371: 2 – 47 51 06 47 9C 2B E3 15 8D 5A BE A3 59 AF B6 C8
*Mar 1 00:41:58.371: 1 – testuser
*Mar 1 00:41:58.371: 5 – 00 00 EA 60
*Mar 1 00:41:58.371: 4 – 192.168.22.61
*Mar 1 00:41:58.371: 32 – HomeOffice1242
*Mar 1 00:41:58.372: RADSRV 192.168.22.61< Code 2 Id 1C Len 116
*Mar 1 00:41:58.372: Auth 4FF5980 5D3E64D6 254C566A FC112697
*Mar 1 00:41:58.372: 24 – FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 27 51 15 61 39 C7 46 73 0D D6 46 05 7A F9 AA D1
*Mar 1 00:41:58.373: 1 – testuser
*Mar 1 00:41:58.373: 80 – 2E D9 75 27 85 9D 02 32 71 FE F7 A1 12 E4 34 04
*Mar 1 00:41:58.373: RADIUS: Received from id 1645/28 192.168.22.61:1812, Access-Accept, len 116
*Mar 1 00:41:58.373: RADIUS: authenticator 04 FF 59 80 5D 3E 64 D6 – 25 4C 56 6A FC 11 26 97
*Mar 1 00:41:58.374: RADIUS: State [24] 50
*Mar 1 00:41:58.374: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
*Mar 1 00:41:58.374: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
*Mar 1 00:41:58.374: RADIUS: 27 51 15 61 39 C7 46 73 0D D6 46 05 7A F9 AA D1 ['Q?a9?Fs??F?z???]
*Mar 1 00:41:58.374: RADIUS: User-Name [1] 28 "testuser "
*Mar 1 00:41:58.375: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:41:58.375: RADIUS: 2E D9 75 27 85 9D 02 32 71 FE F7 A1 12 E4 34 04 [.?u'???2q?????4?]
*Mar 1 00:41:58.375: RADIUS(00000000): Received from id 1645/28
*Mar 1 00:41:58.375: RADIUS(00000000): Unique id not in use
*Mar 1 00:41:58.375: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored
HomeOffice1242#

Tags: , , ,

About Joost van der Made

Me

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: