牛顿第二运动定律定律×2÷36√1≌75×0.568＝？

面相 | 海贼王 | 牙齿矫正 | 徐州市 | 虚拟专用服务器 | Windows 7 | 疤痕修复 | 方言 | 幼儿教育 | 英文歌曲 | 武术 | 餐饮 | 口臭 | 冬奥会 | 化疗 | 汽车音响 | 休学 | 片尾 | 骨折 | 电子技术研发 | 胃炎 | 姓氏 | 过敏性鼻炎 | 房贷 | 身高 | 加湿器 | 雅马哈 | 金平区 | 马鞍山市 | 取名 | 美杜莎 | 韩国 | 饮食 | 怀集县 | 牙套 | 古琴 | 语言学习 | 坦克 | 体检 | 冠心病 | 书籍 | 寺庙 | 美国电影 | 驾驶经验 | 寓言 | 学术 | 坐月子 | 日语语法 | 山东艺术学院 | 类风湿 | 手相 | 乳腺癌 | 运动损伤 | 自卑 | 房山 | 辩论赛 | 机械键盘 | 大学专业选择 | 塑料制品 | 护发 | 眼袋 | 肺癌 | 血型 | 玄幻小说 | 华为路由器 | 温州市 | 留学香港 | 大学生就业 | 大学生创业 | 城市规划 | 美术生 | 一体机 | 率土之滨 | r（编程语言） | 发音 | 记忆力 | 散光 | 互联网公司 | 西班牙语 | 口腔溃疡 | 汉语 | 观后感 | 留学生 | 参考文献 | 印度 | 中耳炎 | 澳门特别行政区 | 近视手术 | 尧山 | 荨麻疹 | 花卉 | 特许加盟 | 烹饪学校 | 设计院 | 岳阳县 | 婴儿喂养 | 痛风 | 营销策划 | 狐臭 | 失眠 | 眼科学 | 药品 | 欧美 | 弱视 | 童年 | 丙肝 | 合生元 | 男生 | 材料 | 中央戏剧学院 | 葡萄酒 | 网络推广 | 胃痛 | 酒文化 | 脱发 | 情绪管理 | 花样姐姐 | 示波器 | 胶原蛋白 | 痤疮 | 自驾游 | 孩子 | 马克思主义哲学 | 大学就读体验 | 美国留学 | 本科毕业论文 | 白内障 | 精神分裂症 | 在线教育 | 无线耳机 | 发动机 | win8 | 桥梁 | 非洲 | 婚恋网站 | 驾驶技术 | 敏感皮肤 | 学车 | 武昌区 | 整形 | 红酒 | 语言学 | Android手机 | 拉丁舞 | 猪肉 | 大学军训 | 高效学习 | 手绘 | 法国 | 刑事案件 | 胃病 | 牙科医院 | 宁夏回族自治区 | 邳州市 | 国家 | 口红 | 尿毒症 | 时间管理 | 事业单位考试 | 迅雷（软件） | 中国科学技术大学 | 康佳 | 西装 | 蓝河 | 肺气肿 | 地黄 | 外貌 | 高中化学 | 励志故事 | 小吃 | 关节炎 | 驻马店市 | 鲁迅美术学院 | 交警 | 发电 | 皮肤保养 | 文玩 | 轮胎 | 山东工艺美术学院 | 钢笔 | 食道癌 | 校服 | 酵素 | 日本漫画 | 非典 | 服装行业 | 数控车床 | 毕业论文 | 蓝莓 | 七田真 | 配方奶粉 | 头痛 | 枸杞 | 孕妇装 | 儿童 | 婴儿车 | 西医 | 本田（honda） | 研究生导师 | 美白 |

你的位置：网站首页 >> 频道首页 >>理工学科 >>牛顿第二运动定律定律×2÷36√1≌75×0.568＝？

牛顿第二运动定律定律×2÷36√1≌75×0.568＝？

来源：蜘蛛抓取(WebSpider) 时间：2015-01-24 18:19 标签：牛顿第一定律ppt

计算(1)9/-72=-(72÷9)=-8(2)-45/-30=-(45÷30)=-3/2(3)-75/0=0÷(-75)=0(4)(-36又11/9)÷9=(-36+11/9)×9/1=-36×9/1+11/9×9/1=-4+11/1=-(3又11/11-11/1)=-(11/33-11/1)=-11/32=2又11/10(5)(-12)÷(-4)÷(-1又5/1)=3÷(-5/6)=3×(-6/5)=-10大家手做的对_百度作业帮
计算(1)9/-72=-(72÷9)=-8(2)-45/-30=-(45÷30)=-3/2(3)-75/0=0÷(-75)=0(4)(-36又11/9)÷9=(-36+11/9)×9/1=-36×9/1+11/9×9/1=-4+11/1=-(3又11/11-11/1)=-(11/33-11/1)=-11/32=2又11/10(5)(-12)÷(-4)÷(-1又5/1)=3÷(-5/6)=3×(-6/5)=-10大家手做的对
计算(1)9/-72=-(72÷9)=-8(2)-45/-30=-(45÷30)=-3/2(3)-75/0=0÷(-75)=0(4)(-36又11/9)÷9=(-36+11/9)×9/1=-36×9/1+11/9×9/1=-4+11/1=-(3又11/11-11/1)=-(11/33-11/1)=-11/32=2又11/10(5)(-12)÷(-4)÷(-1又5/1)=3÷(-5/6)=3×(-6/5)=-10大家手做的对么?
对以后二分之一不能写成2/1应写为1/2错(-12)÷(-4)÷(-1又5/1) =3÷(-5/6) =3×(-6/5) =-2又1/2（二分之一）
都不对(1)9/-72=-(9÷72)=-1/8 (2)-45/-30=45÷30=3/2 (3)-75/0无意义(4) (-36又11/9)÷9 =(-36-11/9)×1/9=-36×1/9-11/9×1/9 =-4-11/81=-4又11/81(5) (-12)÷(-4)÷(-1又1...Debug Authentications - Cisco
Debug Authentications
Wireless communication uses authentication in many ways. The most common authentication type is Extensible Authentication Protocol (EAP) in different types and forms. Other authentication types include MAC address authentication and administrative authentication. This document describes how to debug and interpret the output from debug authentications. The information from these debugs is invaluable when you troubleshoot wireless installations.
Note:&The portions of this document that refer to non-Cisco products are based on the experience of the author, not on formal training. They are intended for your convenience and not as technical support. For authoritative technical support on non-Cisco products, contact the technical support for that product.
Cisco recommends that you have knowledge of these topics:
Authentication as it relates to wireless networks
Cisco IOS& software command-line interface (CLI)
RADIUS server configuration
The information in this document is based on these software and hardware versions:
Cisco IOS software-based wireless products of any model and version
Hilgraeve HyperTerminal
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
for more information on document conventions.
If you cannot capture and analyze debug information, the information is useless. The easiest way to capture this data is with a screen-capture function that is built into the Telnet or communications application.
This example describes how to capture output with the
application. Most Microsoft Windows operating systems include HyperTerminal, but you can apply the concepts to any terminal emulation application. For more complete information on the application, refer to
Complete these steps in order to configure HyperTerminal to communicate with your access point (AP) or bridge:
In order to open HyperTerminal, choose Start & Programs & System Tools & Communications & HyperTerminal. Figure 1 – HyperTerminal Launch
When HyperTerminal opens, complete these steps:
Enter a name for the connection.
Choose an icon.
For Telnet connections, complete these steps:
From the Connect Using drop-down menu, choose TCP/IP.
Enter the IP address of the device where you want to run the debugs.
Click OK. Figure 2 – Telnet Connection
For console connections, complete these steps:
From the Connect Using drop-down menu, choose the COM port where the console cable is connected.
Click OK. The property sheet for the connection appears.
Set the speed for the connection to the console port.
In order to restore the default port settings, click Restore Defaults.
Note:&Most Cisco products follow the default port settings.
The default port settings are:
Bits per second—9600
Data bits—8
Parity—None
Stop bits—1
Flow control—None
Figure 3 – COM1 Properties
At this point, the Telnet or console connection establishes, and you are prompted for a user name and password.
Note:&Cisco Aironet equipment assigns both a default user name and password of Cisco (case sensitive).
In order to run debugs, complete these steps:
Issue the enable command in order to enter privileged mode.
Enter the enable password.
Note:&Remember that the default password for Aironet equipment is Cisco (case sensitive).
Note:&In order to see the output of debugs from a Telnet session, use the terminal monitor or term mon command in order to turn on the terminal monitor. Figure 4 – Connected Telnet Session
After you establish a connection, complete these steps in order to collect a screen capture:
Choose Capture Text from the Transfer menu. Figure 5 – Save a Screen Capture
When a dialog box opens that prompts you for a file name for the output, enter a file name.
Complete these steps in order to disable the screen wrap:
Note:&You can read the debugs more easily when you disable the screen wrap.
From the HyperTerminal menu, choose File.
Choose Properties.
On the connection property sheet, click the Settings tab.
Click ASCII Setup.
Uncheck Wrap lines that exceed terminal width.
In order to close the ASCII Settings, click OK.
In order to close the connection property sheet, click OK. Figure 6 – ASCII Settings
Now that you can capture any screen output to a text file, the debugs that you run depend on what is negotiated. The next sections of this document describe the type of negotiated connection provided by the debugs.
These debugs are the most helpful for EAP authentications:
debug radius authentication—The outputs of this debug start with this word: RADIUS.
debug dot11 aaa authenticator process—The outputs of this debug start with this text: dot11_auth_dot1x_.
debug dot11 aaa authenticator state-machine—The outputs of this debug start with this text: dot11_auth_dot1x_run_rfsm.
These debugs show:
What is reported during the RADIUS portions of an authentication dialog
The actions that are taken during that authentication dialog
The various states through which the authentication dialog transitions
This example shows a successful Light EAP (LEAP) authentication:
Successful EAP Authentication Example
8 17:45:48.208: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
8 17:45:48.208: dot11_auth_dot1x_send_id_req_to_client:
sending identity request for .304f
8 17:45:48.208: dot11_auth_dot1x_send_id_req_to_client:
Started timer client_timeout 30 seconds
8 17:45:48.210: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 17:45:48.210: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,EAP_START) for .304f
8 17:45:48.210: dot11_auth_dot1x_send_id_req_to_client:
sending identity request for .304f
8 17:45:48.210: dot11_auth_dot1x_send_id_req_to_client:
Started timer client_timeout 30 seconds
8 17:45:48.212: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 17:45:48.212: dot11_auth_parse_client_pak:
id is not matching req-id:1resp-id:2, waiting for response
8 17:45:48.213: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 17:45:48.213: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,CLIENT_REPLY) for .304f
8 17:45:48.214: dot11_auth_dot1x_send_response_to_server:
Sending client .304f data to server
8 17:45:48.214: dot11_auth_dot1x_send_response_to_server:
tarted timer server_timeout 60 seconds
8 17:45:48.214: RADIUS:
AAA Unsupported
8 17:45:48.214: RADIUS:
6C 61 62 61 70 31 32 30 30 69 70 31
[labap1200ip1]
8 17:45:48.215: RADIUS:
AAA Unsupported
8 17:45:48.215: RADIUS(0000001C): Storing nasport 17 in rad_db
8 17:45:48.215: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.215: RADIUS/ENCODE(0000001C): acct_session_id: 28
8 17:45:48.216: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.216: RADIUS(0000001C): sending
8 17:45:48.216: RADIUS(0000001C): Send Access-Request
to 10.0.0.3:1645 id 21645/93, len 139
8 17:45:48.216: RADIUS:
authenticator 92 26 A8 31 ED 60 6A 88
- 84 8C 80 B2 B8 26 4C 04
8 17:45:48.216: RADIUS:
8 17:45:48.216: RADIUS:
Framed-MTU
8 17:45:48.217: RADIUS:
Called-Station-Id
8 17:45:48.217: RADIUS:
Calling-Station-Id
8 17:45:48.217: RADIUS:
Service-Type
8 17:45:48.217: RADIUS:
Message-Authenticato[80]
8 17:45:48.217: RADIUS:
EAP-Message
8 17:45:48.218: RADIUS:
02 02 00 0C 01 61 69 72 6F 6E 65 74
[?????aironet]
8 17:45:48.218: RADIUS:
NAS-Port-Type
8 17:45:48.218: RADIUS:
8 17:45:48.218: RADIUS:
NAS-IP-Address
10.0.0.102
8 17:45:48.218: RADIUS:
Nas-Identifier
8 17:45:48.224: RADIUS: Received from id .0.0.3:1645,
Access-Challenge, len 69
8 17:45:48.224: RADIUS:
authenticator C8 6D 9B B3 67 60 44 29
- CC AB 39 DE 00 A9 A8 CA
8 17:45:48.224: RADIUS:
EAP-Message
8 17:45:48.224: RADIUS:
01 43 00 17 11 01 00 08 63 BB E7 8C 0F AC EB 9A
[?C??????c???????]
8 17:45:48.225: RADIUS:
61 69 72 6F 6E 65 74
8 17:45:48.225: RADIUS:
Session-Timeout
8 17:45:48.225: RADIUS:
Message-Authenticato[80]
8 17:45:48.226: RADIUS(0000001C): Received from id 21645/93
8 17:45:48.226: RADIUS/DECODE: EAP-Message fragments, 23, total 23 bytes
8 17:45:48.226: dot11_auth_dot1x_parse_aaa_resp:
Received server response: GET_CHALLENGE_RESPONSE
8 17:45:48.226: dot11_auth_dot1x_parse_aaa_resp: found eap pak in
server response
8 17:45:48.226: dot11_auth_dot1x_parse_aaa_resp: found session timeout
8 17:45:48.227: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_REPLY) for
8 17:45:48.227: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .304f
8 17:45:48.227: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 20 seconds
8 17:45:48.232: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 17:45:48.232: dot11_auth_dot1x_run_rfsm: Executing Action
(CLIENT_WAIT,CLIENT_REPLY) for .304f
8 17:45:48.232: dot11_auth_dot1x_send_response_to_server:
Sending client .304f data to server
8 17:45:48.232: dot11_auth_dot1x_send_response_to_server:
Started timer server_timeout 60 seconds
8 17:45:48.233: RADIUS:
AAA Unsupported
8 17:45:48.234: RADIUS:
6C 61 62 61 70 31 32 30 30 69 70 31
[labap1200ip1]
8 17:45:48.234: RADIUS:
AAA Unsupported
8 17:45:48.234: RADIUS(0000001C): Using existing nas_port 17
8 17:45:48.234: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.234: RADIUS/ENCODE(0000001C): acct_session_id: 28
8 17:45:48.234: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.234: RADIUS(0000001C): sending
8 17:45:48.234: RADIUS(0000001C): Send Access-Request to
10.0.0.3:1645 id 21645/94, len 166
8 17:45:48.235: RADIUS:
authenticator 93 B5 CC B6 41 97 A0 85
- 1B 4D 13 0F 6A EE D4 11
8 17:45:48.235: RADIUS:
8 17:45:48.235: RADIUS:
Framed-MTU
8 17:45:48.236: RADIUS:
Called-Station-Id
8 17:45:48.236: RADIUS:
Calling-Station-Id
8 17:45:48.236: RADIUS:
Service-Type
8 17:45:48.236: RADIUS:
Message-Authenticato[80]
8 17:45:48.236: RADIUS:
EAP-Message
8 17:45:48.236: RADIUS:
02 43 00 27 11 01 00 18 30 9F 55 AF 05 03 71 7D
[?C?'????0?U???q}]
8 17:45:48.236: RADIUS:
25 41 1B B0 F4 A9 7C EE F5 51 24 9A FC 6D 51 6D
[?A????|??Q$??mQm]
8 17:45:48.237: RADIUS:
61 69 72 6F 6E 65 74
8 17:45:48.237: RADIUS:
NAS-Port-Type
8 17:45:48.237: RADIUS:
8 17:45:48.238: RADIUS:
NAS-IP-Address
10.0.0.102
8 17:45:48.238: RADIUS:
Nas-Identifier
8 17:45:48.242: RADIUS: Received from id .0.0.3:1645,
Access-Challenge, len 50
8 17:45:48.243: RADIUS:
authenticator 59 2D EE 24 CF B2 87 AF
- 86 D0 C9 00 79 BE 6E 1E
8 17:45:48.243: RADIUS:
EAP-Message
8 17:45:48.243: RADIUS:
03 43 00 04
8 17:45:48.244: RADIUS:
Session-Timeout
8 17:45:48.244: RADIUS:
Message-Authenticato[80]
8 17:45:48.244: RADIUS(0000001C): Received from id 21645/94
8 17:45:48.244: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
8 17:45:48.244: dot11_auth_dot1x_parse_aaa_resp:
Received server response: GET_CHALLENGE_RESPONSE
8 17:45:48.245: dot11_auth_dot1x_parse_aaa_resp:
found eap pak in server response
8 17:45:48.245: dot11_auth_dot1x_parse_aaa_resp:
found session timeout 20 sec
8 17:45:48.245: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_REPLY)
8 17:45:48.245: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .304f
8 17:45:48.246: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 20 seconds
8 17:45:48.249: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 17:45:48.250: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,CLIENT_REPLY) for .304f
8 17:45:48.250: dot11_auth_dot1x_send_response_to_server:
Sending client .304f data to server
8 17:45:48.250: dot11_auth_dot1x_send_response_to_server:
Started timer server_timeout 60 seconds
8 17:45:48.250: RADIUS:
AAA Unsupported
8 17:45:48.251: RADIUS:
6C 61 62 61 70 31 32 30 30 69 70 31
[labap1200ip1]
8 17:45:48.251: RADIUS:
AAA Unsupported
8 17:45:48.251: RADIUS(0000001C): Using existing nas_port 17
8 17:45:48.252: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.252: RADIUS/ENCODE(0000001C): acct_session_id: 28
8 17:45:48.252: RADIUS(0000001C): Config NAS IP: 10.0.0.102
8 17:45:48.252: RADIUS(0000001C): sending
8 17:45:48.252: RADIUS(0000001C): Send Access-Request to
10.0.0.3:1645 id 21645/95, len 150
8 17:45:48.252: RADIUS:
authenticator 39 1C A5 EF 86 9E BA D1
- 50 FD 58 80 A8 8A BC 2A
8 17:45:48.253: RADIUS:
8 17:45:48.253: RADIUS:
Framed-MTU
8 17:45:48.253: RADIUS:
Called-Station-Id
8 17:45:48.253: RADIUS:
Calling-Station-Id
8 17:45:48.254: RADIUS:
Service-Type
8 17:45:48.254: RADIUS:
Message-Authenticato[80]
8 17:45:48.254: RADIUS:
EAP-Message
8 17:45:48.254: RADIUS:
01 43 00 17 11 01 00 08 50 9A 67 2E 7D 26 75 AA
[?C??????P?g.}&u?]
8 17:45:48.254: RADIUS:
61 69 72 6F 6E 65 74
8 17:45:48.254: RADIUS:
NAS-Port-Type
8 17:45:48.254: RADIUS:
8 17:45:48.255: RADIUS:
NAS-IP-Address
10.0.0.102
8 17:45:48.255: RADIUS:
Nas-Identifier
8 17:45:48.260: RADIUS: Received from id .0.0.3:1645,
Access-Accept, len 206
8 17:45:48.260: RADIUS:
authenticator 39 13 3C ED FC 02 68 63
- 24 13 1B 46 CF 93 B8 E3
8 17:45:48.260: RADIUS:
Framed-IP-Address
255.255.255.255
8 17:45:48.261: RADIUS:
EAP-Message
8 17:45:48.261: RADIUS:
02 00 00 27 11 01 00 18 FA 53 D0 29 6C 9D 66 8E
[???'?????S?)l?f?]
8 17:45:48.262: RADIUS:
C4 A3 CD 54 08 8C 35 7C 74 0C 6A EF D4 6D 30 A4
[???T??5|t?j??m0?]
8 17:45:48.262: RADIUS:
61 69 72 6F 6E 65 74
8 17:45:48.262: RADIUS:
Vendor, Cisco
8 17:45:48.262: RADIUS:
Cisco AVpair
&leap:session-key=G:3mwerAEJNYH-JxI,&
8 17:45:48.262: RADIUS:
Vendor, Cisco
8 17:45:48.262: RADIUS:
Cisco AVpair
&auth-algo-type=eap-leap&
8 17:45:48.262: RADIUS:
8 17:45:48.263: RADIUS:
43 49 53 43 4F 41 43 53 3A 30 30 30 30 31 64 36
[CISCOACS:00001d6]
8 17:45:48.263: RADIUS:
33 2F 30 61 30 30 30 30 36 36 2F 31 37
8 17:45:48.263: RADIUS:
Message-Authenticato[80]
8 17:45:48.264: RADIUS(0000001C): Received from id 21645/95
8 17:45:48.264: RADIUS/DECODE: EAP-Message fragments, 39, total 39 bytes
8 17:45:48.264: found leap session key
8 17:45:48.265: dot11_auth_dot1x_parse_aaa_resp:
Received server response: PASS
8 17:45:48.265: dot11_auth_dot1x_parse_aaa_resp:
found eap pak in server response
8 17:45:48.265: dot11_auth_dot1x_parse_aaa_resp:
found leap session key in server response
8 17:45:48.265: dot11_auth_dot1x_parse_aaa_resp:
leap session key length 16
8 17:45:48.266: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_PASS) for .304f
8 17:45:48.266: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .304f
8 17:45:48.266: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 20 seconds
8 17:45:48.266: %DOT11-6-ASSOC: Interface Dot11Radio0,
Station RKIBBE-W2K4 .304f Associated KEY_MGMT[NONE]
Notice the flow in the
state-machine
debugs. There is a progression through several states:
CLIENT_WAIT
CLIENT_REPLY
SERVER_WAIT
SERVER_REPLY
Note:&As the two negotiate, there can be several iterations of CLIENT_WAIT and CLIENT_REPLY, as well as SERVER_WAIT and SERVER_REPLY.
SERVER_PASS
debug shows each individual step through each state. The
debugs show the actual conversation between the authentication server and the client. The easiest way to work with EAP debugs is to watch the progression of state machine messages through each state.
When something fails in the negotiation, the
state-machine
debugs show why the process stopped. Watch for messages similar to these examples:
CLIENT TIMEOUT —This state indicates that the client did not respond within an appropriate amount of time. This failure to respond can occur due to one of these reasons:
There is a problem with the client software.
The EAP client timeout value (from the EAP Authentication subtab under Advanced Security) has expired.
Some EAPs, particularly Protected EAP (PEAP), take longer than 30 seconds to complete authentication. Set this timer to a higher value (between 90 and 120 seconds). This is an example of a CLIENT TIMEOUT attempt:
CLIENT TIMEOUT Example
Apr 12 17:51:09.373: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Apr 12 17:51:09.373: dot11_auth_dot1x_send_id_req_to_client:
sending identity request for .3758
Apr 12 17:51:09.374: dot11_auth_dot1x_send_id_req_to_client:
Started timer client_timeout 30 seconds
Apr 12 17:51:39.358: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,TIMEOUT) for .3758
Apr 12 17:51:39.358: dot11_auth_dot1x_send_client_fail:
Authentication failed for .3758
Apr 12 17:51:39.358: %DOT11-7-AUTH_FAILED:
Station .3758 Authentication failed
Note:&Watch for any system error messages that are similar to this message:
%DOT11-4-MAXRETRIES: Packet to client xxxx.xxxx.xxxx reached
max retries, removing the client
Note:&Such error messages can indicate a radio frequency (RF) problem.
Shared secret mismatch between the AP and the RADIUS server—In this example log, the RADIUS server does not accept the authentication request from the AP. The AP continues to send the request to the RADIUS server, but the RADIUS server rejects the request because the shared secret is mismatched. In order to resolve this problem, be sure to check that the shared secret on the AP is the same one that is used in the RADIUS server.
Shared Secret Mismatch Between AP and RADIUS Server
2 15:58:13.553: %RADIUS-4-RADIUS_DEAD:
RADIUS server 10.10.1.172: is not responding.
2 15:58:13.553: %RADIUS-4-RADIUS_ALIVE: RADIUS server
10.10.1.172: has returned.
2 15:58:23.664: %DOT11-7-AUTH_FAILED: Station .3758
Authentication failed
server_timeout —This state indicates that the authentication server did not respond in an appropriate amount of time. This failure to respond occurs because of a problem on the server. Verify that these situations are true:
The AP has IP connectivity to the authentication server.
Note:&You can use the ping command in order to verify connectivity.
The authentication and accounting port numbers are correct for the server.
Note:&You can check the port numbers from the Server Manager tab.
The authentication service is running and functional.
This is an example of a server_timeout attempt:
server_timeout Example
8 20:02:55.469: dot11_auth_dot1x_start:
in the dot11_auth_dot1x_start
8 20:02:55.469: dot11_auth_dot1x_send_id_req_to_client:
sending identity request for .304f
8 20:02:55.469: dot11_auth_dot1x_send_id_req_to_client:
Started timer client_timeout 30 seconds
8 20:02:55.470: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 20:02:55.470: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,EAP_START) for .304f
8 20:02:55.470: dot11_auth_dot1x_send_id_req_to_client:
sending identity request for .304f
8 20:02:55.470: dot11_auth_dot1x_send_id_req_to_client:
Started timer client_timeout 30 seconds
8 20:02:55.471: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 20:02:55.472: dot11_auth_parse_client_pak:
id is not matching req-id:1resp-id:2, waiting for response
8 20:02:55.474: dot11_auth_parse_client_pak:
Received EAPOL packet from .304f
8 20:02:55.474: dot11_auth_dot1x_run_rfsm:
Executing Action(CLIENT_WAIT,CLIENT_REPLY) for .304f
8 20:02:55.474: dot11_auth_dot1x_send_response_to_server:
Sending client .304f data to server
8 20:02:55.475: dot11_auth_dot1x_send_response_to_server:
Started timer server_timeout 60 seconds
8 20:02:55.476: RADIUS:
AAA Unsupported
8 20:02:55.476: RADIUS:
6C 61 62 61 70 31 32 30 30 69 70 31
[labap1200ip1]
8 20:02:55.476: RADIUS:
AAA Unsupported
8 20:02:55.476: RADIUS(): Storing nasport 32 in rad_db
8 20:02:55.476: RADIUS(): Config NAS IP: 10.0.0.102
8 20:02:55.476: RADIUS/ENCODE(): acct_session_id: 49
8 20:02:55.477: RADIUS(): Config NAS IP: 10.0.0.102
8 20:02:55.477: RADIUS(): sending
8 20:02:55.477: RADIUS(): Send Access-Request
to 10.0.0.3:1234 id , len 139
8 20:02:55.478: RADIUS:
authenticator B6 F7 BB 41 0E 9F 44 D1
- 9A F8 E2 D7 5D 70 F2 76
8 20:02:55.478: RADIUS:
8 20:02:55.478: RADIUS:
Framed-MTU
8 20:02:55.478: RADIUS:
Called-Station-Id
8 20:02:55.478: RADIUS:
Calling-Station-Id
8 20:02:55.478: RADIUS:
Service-Type
8 20:02:55.478: RADIUS:
Message-Authenticato[80]
8 20:02:55.478: RADIUS:
EAP-Message
8 20:02:55.479: RADIUS:
02 02 00 0C 01 61 69 72 6F 6E 65 74
[?????aironet]
8 20:02:55.479: RADIUS:
NAS-Port-Type
wireless [19]
8 20:02:55.479: RADIUS:
8 20:02:55.479: RADIUS:
NAS-IP-Address
10.0.0.102
8 20:02:55.480: RADIUS:
Nas-Identifier
8 20:03:00.478: RADIUS:
Retransmit to (10.0.0.3:) for id
8 20:03:05.475: RADIUS:
Retransmit to (10.0.0.3:) for id
8 20:03:10.473: RADIUS:
Retransmit to (10.0.0.3:) for id
8 20:03:15.470: RADIUS:
No response from (10.0.0.3:) for id
8 20:03:15.470: RADIUS/DECODE:
parse r FAIL
8 20:03:15.470: RADIUS/DECODE:
8 20:03:15.470: dot11_auth_dot1x_parse_aaa_resp:
Received server response: FAIL
8 20:03:15.470: dot11_auth_dot1x_parse_aaa_resp:
found eap pak in server response
8 20:03:15.470: dot11_auth_dot1x_parse_aaa_resp:
detailed aaa_status 1
8 20:03:15.471: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_FAIL) for .304f
8 20:03:15.471: dot11_auth_dot1x_send_client_fail:
Authentication failed for .304f
8 20:03:15.471: %DOT11-7-AUTH_FAILED: Station .304f
Authentication failed
SERVER_FAIL —This state indicates that the server gave an unsuccessful authentication response based on the user credentials. The RADIUS debug that precedes this failure shows the user name that was presented to the authentication server. Be sure to check the Failed Attempts log in the authentication server for additional details on why the server denied the client access.
This is an example of a SERVER_FAIL attempt:
SERVER_FAIL Example
8 17:46:13.604: dot11_auth_dot1x_send_response_to_server:
Sending client .304f data to server
8 17:46:13.604: dot11_auth_dot1x_send_response_to_server:
Started timer server_timeout 60 seconds
8 17:46:13.605: RADIUS:
AAA Unsupported
8 17:46:13.605: RADIUS:
6C 61 62 61 70 31 32 30 30 69 70 31
[labap1200ip1]
8 17:46:13.606: RADIUS:
AAA Unsupported
8 17:46:13.606: RADIUS(0000001D): Using existing nas_port 18
8 17:46:13.606: RADIUS(0000001D): Config NAS IP: 10.0.0.102
8 17:46:13.606: RADIUS/ENCODE(0000001D): acct_session_id: 29
8 17:46:13.606: RADIUS(0000001D): Config NAS IP: 10.0.0.102
8 17:46:13.606: RADIUS(0000001D): sending
8 17:46:13.607: RADIUS(0000001D): Send Access-Request
to 10.0.0.3:1645 id 21645/97, len 176
8 17:46:13.607: RADIUS:
authenticator 88 82 8C BB DC 78 67 76
- 36 88 1D 89 2B DC C9 99
8 17:46:13.607: RADIUS:
&unknown_user&
8 17:46:13.607: RADIUS:
Framed-MTU
8 17:46:13.608: RADIUS:
Called-Station-Id
8 17:46:13.608: RADIUS:
Calling-Station-Id
8 17:46:13.608: RADIUS:
Service-Type
8 17:46:13.608: RADIUS:
Message-Authenticato[80]
8 17:46:13.608: RADIUS:
EAP-Message
8 17:46:13.608: RADIUS:
02 44 00 2C 11 01 00 18 02
69 C3 F1 B5 90 52 F7
[?D?,?????i????R?]
8 17:46:13.609: RADIUS:
B2 57 FF F0 74 8A 80 59 31 6D C7 30 D3 D0 AF 65
[?W??t??Y1m?0???e]
8 17:46:13.609: RADIUS:
75 6E 6B 6E 6F 77 6E 5F 75 73 65 72
[unknown_user]
8 17:46:13.609: RADIUS:
NAS-Port-Type
8 17:46:13.609: RADIUS:
8 17:46:13.610: RADIUS:
NAS-IP-Address
10.0.0.102
8 17:46:13.610: RADIUS:
Nas-Identifier
8 17:46:13.622: RADIUS: Received from id 21645/97
10.0.0.3:1645, Access-Reject, len 56
8 17:46:13.622: RADIUS:
authenticator 55 E0 51 EF DA CE F7 78
- 92 72 3D 97 8F C7 97 C3
8 17:46:13.622: RADIUS:
EAP-Message
8 17:46:13.623: RADIUS:
04 44 00 04
8 17:46:13.623: RADIUS:
Reply-Message
8 17:46:13.623: RADIUS:
52 65 6A 65 63 74 65 64 0A 0D
[Rejected??]
8 17:46:13.623: RADIUS:
Message-Authenticato[80]
8 17:46:13.624: RADIUS(0000001D): Received from id 21645/97
8 17:46:13.624: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
8 17:46:13.624: RADIUS/DECODE: Reply-Message fragments,
10, total 10 bytes
8 17:46:13.624: dot11_auth_dot1x_parse_aaa_resp:
Received server response: FAIL
8 17:46:13.625: dot11_auth_dot1x_parse_aaa_resp:
found eap pak in server response
8 17:46:13.625: dot11_auth_dot1x_run_rfsm:
xecuting Action(SERVER_WAIT,SERVER_FAIL) for .304f
8 17:46:13.625: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .304f
8 17:46:13.626: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 20 seconds
8 17:46:13.626: dot11_auth_dot1x_send_client_fail:
Authentication failed for .304f
8 17:46:13.626: %DOT11-6-DISASSOC: Interface Dot11Radio0,
Deauthenticating Station .304f
8 17:46:13.626: %DOT11-7-AUTH_FAILED: Station .304f
Authentication failed
No Response from Client—In this example, the radius server sends a pass message to the AP which the AP forwards on and then it associates the client. Eventually the client does not respond to the AP. Therefore, the AP deauthenticates it after it reaches the maximum retries.
No Response from the Client
Sep 22 08:42:04: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_PASS) for .3758
Sep 22 08:42:04: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .3758
Sep 22 08:42:04: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 30 seconds
Sep 22 08:42:04: %DOT11-6-ASSOC: Interface Dot11Radio0,
Station arlit1ad1hd6j91 .3758 Associated KEY_MGMT[NONE]
Sep 22 10:35:10: %DOT11-4-MAXRETRIES: Packet to client
.3758 reached max retries, removing the client
Sep 22 10:35:10: %DOT11-6-DISASSOC: Interface Dot11Radio0,
Deauthenticating Station .3758
Reason: Previous authentication no longer valid
The AP forwards a get challenge response from the radius to the client. The client does not respond and reaches max retries which causes EAP to fail and the AP to deauthenticate the client.
No Response from the Client
Sep 22 10:43:02: dot11_auth_dot1x_parse_aaa_resp:
Received server response: GET_CHALLENGE_RESPONSE
Sep 22 10:43:02: dot11_auth_dot1x_parse_aaa_resp:
found eap pak in server response
Sep 22 10:43:02: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_REPLY) for .3758
Sep 22 10:43:02: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .3758
Sep 22 10:43:02: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 30 seconds
Sep 22 10:43:05: %DOT11-4-MAXRETRIES: Packet to client .3758
reached max retries, removing the client
Sep 22 10:43:05: Client .3758 failed: reached maximum retries
Radius sends a pass message to the AP, the AP forwards the pass message to the client, and the client does not respond. The AP deauthenticates it after it reaches the maximum retries. The client then attempts a new Identity request to the AP, but the AP rejects this request because the client has already reached the maximum retries.
No Response from the Client
Sep 22 10:57:08: dot11_auth_dot1x_run_rfsm:
Executing Action(SERVER_WAIT,SERVER_PASS) for .3758
Sep 22 10:57:08: dot11_auth_dot1x_send_response_to_client:
Forwarding server message to client .3758
Sep 22 10:57:08: dot11_auth_dot1x_send_response_to_client:
Started timer client_timeout 30 seconds
Sep 22 10:57:08: %DOT11-6-ASSOC: Interface Dot11Radio0,
Station arlit1ad1hd6j91 .3758 Reassociated KEY_MGMT[NONE]
Sep 22 10:57:10: %DOT11-4-MAXRETRIES: Packet to client
.3758 reached max retries, removing the client
Sep 22 10:57:10: %DOT11-6-DISASSOC: Interface Dot11Radio0,
Deauthenticating Station.3758 Reason:
Previous authentication no longer valid
Sep 22 10:57:15: AAA/BIND(): Bind i/f
Sep 22 10:57:15: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Sep 22 10:57:15: dot11_auth_dot1x_send_id_req_to_client:
Sending identity request to .3758
Sep 22 10:57:15: dot11_auth_dot1x_send_id_req_to_client:
Client .3758 timer started for 30 seconds
Sep 22 10:57:15: %DOT11-4-MAXRETRIES: Packet to client
.3758 reached max retries, removing the client
Sep 22 10:57:15: Client .3758 failed: reached maximum retries
debugs that immediately precede the state machine message show the details of the failure.
For more information on how to configure EAP, refer to .
These debugs are the most helpful for MAC authentication:
debug radius authentication—When an external authentication server is used, the outputs of this debug start with this word: RADIUS.
debug dot11 aaa authenticator mac-authen—The outputs of this debug start with this text: dot11_auth_dot1x_.
These debugs show:
What is reported during the RADIUS portions of an authentication dialog
The comparison between the MAC address that is given and the one that is authenticated against
When an external RADIUS server is used with MAC address authentication, the RADIUS debugs apply. The result of this conjunction is a display of the actual conversation between the authentication server and the client.
When a list of MAC addresses is built locally to the device as a user name and password database, only the
mac-authen
debugs show outputs. As the address match or mismatch is determined, these outputs display.
Note:&Always enter any alphabetic characters in a MAC address in lowercase.
This examples shows a successful MAC authentication against a local database:
Successful MAC Authentication Example
8 19:02:00.109: dot11_auth_mac_start: method_list: mac_methods
8 19:02:00.109: dot11_auth_mac_start: method_index: 0x4500000B, req: 0xA7626C
8 19:02:00.109: dot11_auth_mac_start: client-&unique_id: 0x28
8 19:02:00.110: dot11_mac_process_reply: AAA reply for .304f PASSED
8 19:02:00.145: %DOT11-6-ASSOC: Interface Dot11Radio0, Station RKIBBE-W2K4
.304f Associated KEY_MGMT[NONE]
This examples shows a failed MAC authentication against a local database:
Failed MAC Authentication Example
8 19:01:22.336: dot11_auth_mac_start: method_list: mac_methods
8 19:01:22.336: dot11_auth_mac_start: method_index: 0x4500000B,
req: 0xA7626C
8 19:01:22.336: dot11_auth_mac_start: client-&unique_id: 0x27
8 19:01:22.337: dot11_mac_process_reply:
AAA reply for .304f FAILED
8 19:01:22.337: %DOT11-7-AUTH_FAILED:
Station .304f Authentication failed
When a MAC address authentication fails, check for the accuracy of the characters that are entered in the MAC address. Be sure that you have entered any alphabetic characters in a MAC address in lowercase.
For more information on how to configure MAC authentication, refer to
(Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(13)JA).
Although Wi-Fi Protected Access (WPA) is not an authentication type, it is a negotiated protocol.
WPA negotiates between the AP and the client card.
WPA key management negotiates after a client is successfully authenticated by an authentication server.
WPA negotiates both a Pairwise Transient Key (PTK) and a Groupwise Transient Key (GTK) in a four-way handshake.
Note:&Because WPA requires that the underlying EAP be successful, verify that clients can successfully authenticate with that EAP before you engage WPA.
These debugs are the most helpful for WPA negotiations:
debug dot11 aaa authenticator process—The outputs of this debug start with this text: dot11_auth_dot1x_.
debug dot11 aaa authenticator state-machine—The outputs of this debug start with this text: dot11_auth_dot1x_run_rfsm.
Relative to the other authentications in this document, WPA debugs are simple to read and analyze. A PTK message should be sent and an appropriate reply received. Next, a GTK message should be sent and another appropriate response received.
If the PTK or GTK messages are not sent, the configuration or software level on the AP can be at fault. If the PTK or GTK responses from the client are not received, check the configuration or software level on the WPA supplicant of the client card.
Successful WPA Negotiation Example
7 16:29:57.908: dot11_dot1x_build_ptk_handshake:
building PTK msg 1 for .f74a
7 16:29:59.190: dot11_dot1x_verify_ptk_handshake:
verifying PTK msg 2 from .f74a
7 16:29:59.191: dot11_dot1x_verify_eapol_header: Warning:
Invalid key info (exp=0x381, act=0x109
7 16:29:59.191: dot11_dot1x_verify_eapol_header: Warning:
Invalid key len (exp=0x20, act=0x0)
7 16:29:59.192: dot11_dot1x_build_ptk_handshake:
building PTK msg 3 for .f74a
7 16:29:59.783: dot11_dot1x_verify_ptk_handshake:
verifying PTK msg 4 from .f74a
7 16:29:59.783: dot11_dot1x_verify_eapol_header: Warning:
Invalid key info (exp=0x381, act=0x109
7 16:29:59.783: dot11_dot1x_verify_eapol_header: Warning:
Invalid key len (exp=0x20, act=0x0)
7 16:29:59.788: dot11_dot1x_build_gtk_handshake:
building GTK msg 1 for .f74a
7 16:29:59.788: dot11_dot1x_build_gtk_handshake:
dot11_dot1x_get_multicast_key len 32 index 1
7 16:29:59.788: dot11_dot1x_hex_dump: GTK:
27 CA 88 7D 03 D9 C4 61 FD 4B BE 71 EC F7 43 B5 82 93 57 83
7 16:30:01.633: dot11_dot1x_verify_gtk_handshake:
verifying GTK msg 2 from .f74a
7 16:30:01.633: dot11_dot1x_verify_eapol_header:
Warning: Invalid key info (exp=0x391, act=0x301
7 16:30:01.633: dot11_dot1x_verify_eapol_header: Warning:
Invalid key len (exp=0x20, act=0x0)
7 16:30:01.633: %DOT11-6-ASSOC: Interface Dot11Radio0,
.f74a Associated KEY_MGMT[WPA]
For more information on how to configure WPA, refer to .
You can restrict administrative access to the device to users who are listed in either a local user name and password database or to an external authentication server. Administrative access is supported with both RADIUS and TACACS+.
These debugs are the most helpful for administrative authentication:
debug radius authentication or debug tacacs authentication—The outputs of this debug start with one of these words: RADIUS or TACACS.
debug aaa authentication—The outputs of this debugs start with this text: AAA/AUTHEN.
debug aaa authorization—The outputs of this debugs start with this text: AAA/AUTHOR.
These debugs show:
What is reported during the RADIUS or TACACS portions of an authentication dialog
The actual negotiations for authentication and authorization between the device and the authentication server
This example shows a successful administrative authentication when the Service-Type RADIUS attribute is set to Administrative:
Successful Administrative Authentication Example with Service-Type Attribute
Apr 13 19:43:08.030: AAA: parse name=tty2 idb type=-1 tty=-1
Apr 13 19:43:08.030: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=2 channel=0
Apr 13 19:43:08.031: AAA/MEMORY: create_user (0xA1BB6C) user='NULL' ruser='NULL'
ds0=0 port='tty2' rem_addr='10.0.0.25' authen_type=ASCII service=LOGINN
Apr 13 19:43:08.031: AAA/AUTHEN/START (): port='tty2'
list='' action=LOGIN service=LOGIN
Apr 13 19:43:08.031: AAA/AUTHEN/START (): using &default& list
Apr 13 19:43:08.031: AAA/AUTHEN/START ():
Method=tac_admin (tacacs+)
Apr 13 19:43:08.032: TAC+: send AUTHEN/START packet ver=192 id=
Apr 13 19:43:08.032: AAA/AUTHEN(): Status=ERROR
Apr 13 19:43:08.032: AAA/AUTHEN/START ():
Method=rad_admin (radius)
Apr 13 19:43:08.032: AAA/AUTHEN(): Status=GETUSER
Apr 13 19:43:08.032: AAA/AUTHEN/CONT ():
continue_login (user='(undef)')
Apr 13 19:43:08.032: AAA/AUTHEN(): Status=GETUSER
Apr 13 19:43:08.032: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 19:43:08.032: AAA/AUTHEN(): Status=GETPASS
Apr 13 19:43:08.033: AAA/AUTHEN/CONT ():
continue_login (user='aironet')
Apr 13 19:43:08.033: AAA/AUTHEN(): Status=GETPASS
Apr 13 19:43:08.033: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 19:43:08.033: RADIUS: Pick NAS IP for u=0xA1BB6C tableid=0
cfg_addr=10.0.0.102 best_addr=0.0.0.0
Apr 13 19:43:08.033: RADIUS: ustruct sharecount=1
Apr 13 19:43:08.034: Radius: radius_port_info() success=1 radius_nas_port=1
Apr 13 19:43:08.034: RADIUS(): Send Access-Request to 10.0.0.3:1645
id 21646/48, len 76
Apr 13 19:43:08.034: RADIUS:
authenticator 91 A0 98 87 C1 FC F2 E7
- E7 E4 57 DF 20 D0 82 27
Apr 13 19:43:08.034: RADIUS:
NAS-IP-Address
10.0.0.102
Apr 13 19:43:08.034: RADIUS:
Apr 13 19:43:08.035: RADIUS:
NAS-Port-Type
Apr 13 19:43:08.035: RADIUS:
Apr 13 19:43:08.035: RADIUS:
Calling-Station-Id
&10.0.0.25&
Apr 13 19:43:08.035: RADIUS:
User-Password
Apr 13 19:43:08.042: RADIUS: Received from id .0.0.3:1645,
Access-Accept, len 62
Apr 13 19:43:08.042: RADIUS:
authenticator C9 32 E7 8F 97 5F E6 4C
- 6B 90 71 EE ED 2C 2B 2B
Apr 13 19:43:08.042: RADIUS:
Service-Type
Administrative
Apr 13 19:43:08.042: RADIUS:
Framed-IP-Address
255.255.255.255
Apr 13 19:43:08.042: RADIUS:
Apr 13 19:43:08.043: RADIUS:
43 49 53 43 4F 41 43 53 3A 30 30 30 30 33 36 36
[CISCOACS:0000366]
Apr 13 19:43:08.043: RADIUS:
39 2F 30 61 30 30 30 30 36 36 2F 32
Apr 13 19:43:08.044: RADIUS: saved authorization data for user A1BB6C at B0C260
Apr 13 19:43:08.044: AAA/AUTHEN(): Status=PASS
Apr 13 19:43:08.044: tty2 AAA/AUTHOR/HTTP():
Port='tty2' list='' service=EXEC
Apr 13 19:43:08.044: AAA/AUTHOR/HTTP: tty2() user='aironet'
Apr 13 19:43:08.044: tty2 AAA/AUTHOR/HTTP(): send AV service=shell
Apr 13 19:43:08.044: tty2 AAA/AUTHOR/HTTP(): send AV cmd*
Apr 13 19:43:08.045: tty2 AAA/AUTHOR/HTTP(): found list &default&
Apr 13 19:43:08.045: tty2 AAA/AUTHOR/HTTP(): Method=tac_admin (tacacs+)
Apr 13 19:43:08.045: AAA/AUTHOR/TAC+: (): user=aironet
Apr 13 19:43:08.045: AAA/AUTHOR/TAC+: (): send AV service=shell
Apr 13 19:43:08.045: AAA/AUTHOR/TAC+: (): send AV cmd*
Apr 13 19:43:08.046: AAA/AUTHOR (): Post authorization status = ERROR
Apr 13 19:43:08.046: tty2 AAA/AUTHOR/HTTP():
Method=rad_admin (radius)
Apr 13 19:43:08.046: AAA/AUTHOR ():
Post authorization status = PASS_ADD
Apr 13 19:43:08.443: AAA/MEMORY: free_user (0xA1BB6C) user='aironet'
ruser='NULL' port='tty2' rem_addr='10.0.0.25' authen_type=ASCII service=LOGIN
This example shows a successful administrative authentication when you use vendor-specific attributes in order to send a &priv-level& statement:
Successful Administrative Authentication Example with Vendor-Specific Attribute
Apr 13 19:38:04.699: RADIUS: cisco AVPair &&shell:priv-lvl=15&&
not applied for shell
Apr 13 19:38:04.699: AAA/AUTHOR (): Post authorization status
= PASS_ADD
Apr 13 19:38:04.802: AAA/MEMORY: free_user (0xAA0E38) user='aironet'
ruser='NULL' port='tty3' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN
Apr 13 19:38:04.901: AAA: parse name=tty3 idb type=-1 tty=-1
Apr 13 19:38:04.901: AAA: name=tty3 flags=0x11 type=5 shelf=0 slot=0
port=3 channel=0
Apr 13 19:38:04.902: AAA/MEMORY: create_user (0xAA23BC) user='NULL'
ruser='NULL' ds0=0 port='tty3' rem_addr='10.0.0.25'
authen_type=ASCII service=LOGIN
Apr 13 19:38:04.902: AAA/AUTHEN/START (): port='tty3' list=''
action=LOGIN service=LOGIN
Apr 13 19:38:04.902: AAA/AUTHEN/START (): using &default& list
Apr 13 19:38:04.902: AAA/AUTHEN/START (): Method=tac_admin (tacacs+)
Apr 13 19:38:04.902: TAC+: send AUTHEN/START packet ver=192 id=
Apr 13 19:38:04.902: AAA/AUTHEN(): Status=ERROR
Apr 13 19:38:04.902: AAA/AUTHEN/START (): Method=rad_admin (radius)
Apr 13 19:38:04.902: AAA/AUTHEN(): Status=GETUSER
Apr 13 19:38:04.903: AAA/AUTHEN/CONT (): continue_login
(user='(undef)')
Apr 13 19:38:04.903: AAA/AUTHEN(): Status=GETUSER
Apr 13 19:38:04.903: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 19:38:04.904: AAA/AUTHEN(): Status=GETPASS
Apr 13 19:38:04.904: AAA/AUTHEN/CONT (): continue_login
(user='aironet')
Apr 13 19:38:04.904: AAA/AUTHEN(): Status=GETPASS
Apr 13 19:38:04.904: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 19:38:04.904: RADIUS: Pick NAS IP for u=0xAA23BC tableid=0
cfg_addr=10.0.0.102 best_addr=0.0.0.0
Apr 13 19:38:04.904: RADIUS: ustruct sharecount=1
Apr 13 19:38:04.904: Radius: radius_port_info() success=1 radius_nas_port=1
Apr 13 19:38:04.925: RADIUS(): Send Access-Request to
10.0.0.3:1645 id 21646/3, len 76
Apr 13 19:38:04.926: RADIUS:
authenticator 0C DD 2B B7 CA 5E 7C B9
- 46 90 FD 7A FD 56 3F 07
Apr 13 19:38:04.926: RADIUS:
NAS-IP-Address
10.0.0.102
Apr 13 19:38:04.926: RADIUS:
Apr 13 19:38:04.926: RADIUS:
NAS-Port-Type
Apr 13 19:38:04.926: RADIUS:
Apr 13 19:38:04.926: RADIUS:
Calling-Station-Id
&10.0.0.25&
Apr 13 19:38:04.926: RADIUS:
User-Password
Apr 13 19:38:04.932: RADIUS: Received from id .0.0.3:1645,
Access-Accept, len 89
Apr 13 19:38:04.933: RADIUS:
authenticator FA A4 31 49 51 87 9D CA
- 9D F7 B3 9B EF C2 8B 7E
Apr 13 19:38:04.933: RADIUS:
Vendor, Cisco
Apr 13 19:38:04.933: RADIUS:
Cisco AVpair
&&shell:priv-lvl=15&&
Apr 13 19:38:04.934: RADIUS:
Service-Type
Apr 13 19:38:04.934: RADIUS:
Framed-IP-Address
255.255.255.255
Apr 13 19:38:04.934: RADIUS:
Apr 13 19:38:04.934: RADIUS:
43 49 53 43 4F 41 43 53 3A 30 30 30 30 33 36 33
[CISCOACS:0000363]
Apr 13 19:38:04.934: RADIUS:
61 2F 30 61 30 30 30 30 36 36 2F 33
Apr 13 19:38:05.634: AAA/AUTHOR (): Post authorization
status = PASS_ADD
Apr 13 19:38:05.917: AAA/MEMORY: free_user (0xA9D054) user='aironet'
ruser='NULL' port='tty2' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN priv=0
The most common problem with administrative authentication is the failure to configure the authentication server to send the appropriate privilege-level or administrative service-type attributes. This example attempt failed administrative authentication because no privilege-level attributes or administrative service-type attributes were sent:
Without Vendor-Specific or Service-Type Attributes
Apr 13 20:02:59.516: tty3 AAA/AUTHOR/HTTP(): Port='tty3'
list='' service=EXEC
Apr 13 20:02:59.516: AAA/AUTHOR/HTTP: tty3() user='aironet'
Apr 13 20:02:59.516: tty3 AAA/AUTHOR/HTTP(): send AV service=shell
Apr 13 20:02:59.516: tty3 AAA/AUTHOR/HTTP(): send AV cmd*
Apr 13 20:02:59.516: tty3 AAA/AUTHOR/HTTP(): found list &default&
Apr 13 20:02:59.516: tty3 AAA/AUTHOR/HTTP(): Method=tac_admin (tacacs+)
Apr 13 20:02:59.516: AAA/AUTHOR/TAC+: (): user=aironet
Apr 13 20:02:59.516: AAA/AUTHOR/TAC+: (): send AV service=shell
Apr 13 20:02:59.516: AAA/AUTHOR/TAC+: (): send AV cmd*
Apr 13 20:02:59.516: AAA/AUTHOR (): Post authorization status = ERROR
Apr 13 20:02:59.517: tty3 AAA/AUTHOR/HTTP(): Method=rad_admin (radius)
Apr 13 20:02:59.517: AAA/AUTHOR (): Post authorization status = PASS_ADD
Apr 13 20:02:59.561: AAA/MEMORY: free_user (0xA756E8) user='aironet'
ruser='NULL' port='tty2' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN priv=0
vrf= (id=0)
Apr 13 20:02:59.620: AAA/MEMORY: free_user (0x9E5B04) user='aironet'
ruser='NULL'
port='tty3' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN priv=0 vrf= (id=0)
Apr 13 20:03:04.501: AAA: parse name=tty2 idb type=-1 tty=-1
Apr 13 20:03:04.501: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0
port=2 channel=0
Apr 13 20:03:04.502: AAA/MEMORY: create_user (0xA9C7A4) user='NULL'
ruser='NULL' ds0=0 port='tty2' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN priv=0
Apr 13 20:03:04.502: AAA/AUTHEN/START (): port='tty2' list=''
action=LOGIN service=LOGIN
Apr 13 20:03:04.502: AAA/AUTHEN/START (): using &default& list
Apr 13 20:03:04.503: AAA/AUTHEN/START (): Method=tac_admin (tacacs+)
Apr 13 20:03:04.503: TAC+: send AUTHEN/START packet ver=192 id=
Apr 13 20:03:04.503: AAA/AUTHEN(): Status=ERROR
Apr 13 20:03:04.503: AAA/AUTHEN/START (): Method=rad_admin (radius)
Apr 13 20:03:04.503: AAA/AUTHEN(): Status=GETUSER
Apr 13 20:03:04.503: AAA/AUTHEN/CONT (): continue_login (user='(undef)')
Apr 13 20:03:04.503: AAA/AUTHEN(): Status=GETUSER
Apr 13 20:03:04.503: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 20:03:04.503: AAA/AUTHEN(): Status=GETPASS
Apr 13 20:03:04.504: AAA/AUTHEN/CONT (): continue_login (user='aironet')
Apr 13 20:03:04.504: AAA/AUTHEN(): Status=GETPASS
Apr 13 20:03:04.504: AAA/AUTHEN(): Method=rad_admin (radius)
Apr 13 20:03:04.504: RADIUS: Pick NAS IP for u=0xA9C7A4 tableid=0
cfg_addr=10.0.0.102 best_addr=0.0.0.0
Apr 13 20:03:04.505: RADIUS: ustruct sharecount=1
Apr 13 20:03:04.505: Radius: radius_port_info() success=1 radius_nas_port=1
Apr 13 20:03:04.505: RADIUS(): Send Access-Request to 10.0.0.3:1645
id 21646/59, len 76
Apr 13 20:03:04.505: RADIUS:
authenticator 0F BD 81 17 8F C5 1C B4
- 84 1C 66 4D CF D4 96 03
Apr 13 20:03:04.505: RADIUS:
NAS-IP-Address
10.0.0.102
Apr 13 20:03:04.506: RADIUS:
Apr 13 20:03:04.506: RADIUS:
NAS-Port-Type
Apr 13 20:03:04.506: RADIUS:
Apr 13 20:03:04.506: RADIUS:
Calling-Station-Id
&10.0.0.25&
Apr 13 20:03:04.507: RADIUS:
User-Password
Apr 13 20:03:04.513: RADIUS: Received from id .0.0.3:1645,
Access-Accept, len 56
Apr 13 20:03:04.513: RADIUS:
authenticator BB F0 18 78 33 D0 DE D3
- 8B E9 E0 EE 2A 33 92 B5
Apr 13 20:03:04.513: RADIUS:
Framed-IP-Address
255.255.255.255
Apr 13 20:03:04.513: RADIUS:
Apr 13 20:03:04.514: RADIUS:
43 49 53 43 4F 41 43 53 3A 30 30 30 30 33 36 38
[CISCOACS:0000368]
Apr 13 20:03:04.514: RADIUS:
33 2F 30 61 30 30 30 30 36 36 2F 32
Apr 13 20:03:04.515: RADIUS: saved authorization data for user A9C7A4 at A9C99C
Apr 13 20:03:04.515: AAA/AUTHEN(): Status=PASS
Apr 13 20:03:04.515: tty2 AAA/AUTHOR/HTTP(): Port='tty2' list=''
service=EXEC
Apr 13 20:03:04.515: AAA/AUTHOR/HTTP: tty2() user='aironet'
Apr 13 20:03:04.515: tty2 AAA/AUTHOR/HTTP(): send AV service=shell
Apr 13 20:03:04.515: tty2 AAA/AUTHOR/HTTP(): send AV cmd*
Apr 13 20:03:04.515: tty2 AAA/AUTHOR/HTTP(): found list &default&
Apr 13 20:03:04.516: tty2 AAA/AUTHOR/HTTP(): Method=tac_admin (tacacs+)
Apr 13 20:03:04.516: AAA/AUTHOR/TAC+: (): user=aironet
Apr 13 20:03:04.516: AAA/AUTHOR/TAC+: (): send AV service=shell
Apr 13 20:03:04.516: AAA/AUTHOR/TAC+: (): send AV cmd*
Apr 13 20:03:04.517: AAA/AUTHOR (): Post authorization status = ERROR
Apr 13 20:03:04.517: tty2 AAA/AUTHOR/HTTP(): Method=rad_admin (radius)
Apr 13 20:03:04.517: AAA/AUTHOR (): Post authorization status
= PASS_ADD
Apr 13 20:03:04.619: AAA/MEMORY: free_user (0xA9C7A4) user='aironet'
ruser='NULL' port='tty2' rem_addr='10.0.0.25' authen_type=ASCII
service=LOGIN priv=0 vrf=
For more information on how to configure administrative authentication, refer to
(Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(13)JA).
For more information on how to configure administrative privilege to users on the authentication server, refer to . Check the section that matches the authentication protocol that you use.
Was this Document Helpful?
Let Us Help
(Requires a )
Related Support Community Discussions
No short URL (hidden).

牛顿第二运动定律定律×2÷36√1≌75×0.568＝？

我要回帖

更多关于牛顿第一定律ppt 的文章

随机推荐

牛顿第二运动定律定律×2÷36√1≌75×0.568＝？

我要回帖

更多关于 牛顿第一定律ppt 的文章

随机推荐

更多关于牛顿第一定律ppt 的文章