I have a Cisco 3560 connected to a RADIUS server (IAS). I am trying to configure a new request-access policy in the IAS so that it accepts a RADIUS request whose username/password is some MAC address, e.g. 00-aa-bb-cc-dd-ee. But every time an access-request is sent from the Cisco to IAS, the access-request is rejected, saying "Reason = The connection attempt did not match any connection request policy."
While creating the policy, I have tried checking the following options for Authentication:
1. Unencrypted authentication (PAP, SPAP)
2. Encrypted Authentication (CHAP)
For policy conditions:
I have Calling-Station-Id matches "00-AA-BB-CC-DD-EE"
and Windows-Groups matches; these are the groups that the username I have created is a member of.
Is there any document that says what I need to configure on RADIUS IAS when making a new policy for MAB scenarios?
Thanks everyone!
The following details are captured on the IAS:
User 00aabbccddee was denied access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 10.11.131.105
NAS-Identifier = <not present>
Called-Station-Identifier = 00-1B-8F-72-83-83
Calling-Station-Identifier = 00-AA-BB-CC-DD-EE
Client-Friendly-Name = Taccisco
Client-IP-Address = 10.11.131.105
NAS-Port-Type = Ethernet
NAS-Port = 50003
Proxy-Policy-Name = <none>
Authentication-Provider = <undetermined>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
Reason-Code = 49
Reason = The connection attempt did not match any connection request policy.
On the Cisco box, I have turned the RADIUS debugs on, which show that the following details are sent.
"
8w2d: RADIUS: AAA Unsupported [468] 24
8w2d: RADIUS: 30 41 30 42 38 33 36 39 30 30 30 30 30 30 34 30 [0A0B836900000040]
8w2d: RADIUS: 32 44 46 45 45 39 [2DFEE9]
8w2d: RADIUS: AAA Unsupported [163] 18
8w2d: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]
8w2d: RADIUS(00000481): Storing nasport 50003 in rad_db
8w2d: RADIUS(00000481): Config NAS IP: 0.0.0.0
8w2d: RADIUS/ENCODE(00000481): acct_session_id: 1153
8w2d: RADIUS(00000481): sending
8w2d: RADIUS/ENCODE: Best Local IP-Address 10.11.131.105 for Radius-Server 10.11.197.169
8w2d: RADIUS(00000481): Send Access-Request to 10.11.197.169:1645 id 1645/128, len 138
8w2d: RADIUS: authenticator 37 D0 5A 61 0D 31 CE 31 - CD 22 46 BE E6 C6 E5 DC
8w2d: RADIUS: User-Name [1] 14 "00aabbccddee"
8w2d: RADIUS: User-Password [2] 18 *
8w2d: RADIUS: Service-Type [6] 6 Call Check [10]
8w2d: RADIUS: Framed-MTU [12] 6 1500
8w2d: RADIUS: Called-Station-Id [30] 19 "00-1B-8F-72-83-83"
8w2d: RADIUS: Calling-Station-Id [31] 19 "00-AA-BB-CC-DD-EE"
8w2d: RADIUS: Message-Authenticato[80] 18
8w2d: RADIUS: 2E 80 58 F1 FC 9E ED 92 96 F2 57 FE C5 4C 3D D3 [.?X???????W??L=?]
8w2d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
8w2d: RADIUS: NAS-Port [5] 6 50003
8w2d: RADIUS: NAS-IP-Address [4] 6 10.11.131.105
8w2d: RADIUS: Received from id 1645/128 10.11.197.169:1645, Access-Reject, len 20
8w2d: RADIUS: authenticator 4D 93 6E D9 8F 47 ED 46 - 28 B2 AD DD 23 04 E0 2D
8w2d: RADIUS(00000481): Received from id 1645/128
8w2d: RADIUS: AAA Unsupported [468] 24
8w2d: RADIUS: 30 41 30 42 38 33 36 39 30 30 30 30 30 30 34 30 [0A0B836900000040]
8w2d: RADIUS: 32 44 46 45 45 39 [2DFEE9]
8w2d: RADIUS: AAA Unsupported [163] 18
8w2d: RADIUS: 47 69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 [GigabitEthernet0]
8w2d: RADIUS(00000482): Storing nasport 50003 in rad_db
8w2d: RADIUS(00000482): Config NAS IP: 0.0.0.0
8w2d: RADIUS/ENCODE(00000482): acct_session_id: 1154
8w2d: RADIUS(00000482): sending
8w2d: RADIUS/ENCODE: Best Local IP-Address 10.11.131.105 for Radius-Server 10.11.197.169 "
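
The attributes of the Access-Request in the debug output above can be extracted mechanically, which makes it easy to see exactly which values the switch sends for a MAB attempt and which the server can therefore match on. The Python below is an added example, not part of the original post; the function names are hypothetical and the embedded sample is constructed from lines of the debug output above.

```python
import re

# Constructed sample: lines taken from the debug output in the post.
SAMPLE_DEBUG = '''\
8w2d: RADIUS(00000481): Send Access-Request to 10.11.197.169:1645 id 1645/128, len 138
8w2d: RADIUS: authenticator 37 D0 5A 61 0D 31 CE 31 - CD 22 46 BE E6 C6 E5 DC
8w2d: RADIUS: User-Name [1] 14 "00aabbccddee"
8w2d: RADIUS: User-Password [2] 18 *
8w2d: RADIUS: Service-Type [6] 6 Call Check [10]
8w2d: RADIUS: Calling-Station-Id [31] 19 "00-AA-BB-CC-DD-EE"
8w2d: RADIUS: Message-Authenticato[80] 18
8w2d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
8w2d: RADIUS: NAS-IP-Address [4] 6 10.11.131.105
8w2d: RADIUS: Received from id 1645/128 10.11.197.169:1645, Access-Reject, len 20
'''

# "<ts>: RADIUS: <Name> [<type>] <len> <value>"; a truncated name may abut '['.
ATTR_RE = re.compile(r'RADIUS:\s+([A-Za-z][A-Za-z-]*?)\s*\[(\d+)\]\s+(\d+)\s*(.*)$')

def parse_access_request(debug_text):
    """Return {attribute name: value} for the first Access-Request in the text."""
    attrs, in_request = {}, False
    for line in debug_text.splitlines():
        if 'Send Access-Request' in line:
            in_request = True
            continue
        if in_request and 'Received from' in line:
            break  # the reply starts here; the request attributes are complete
        m = ATTR_RE.search(line)
        if in_request and m:
            attrs[m.group(1)] = m.group(4).strip().strip('"')
    return attrs

def normalize_mac(value):
    """Keep lower-case hex digits only, so 00-AA-BB.. and 00aabb.. compare equal."""
    return re.sub(r'[^0-9a-f]', '', value.lower())

def mab_summary(attrs):
    """Summarise the request fields that identify it as a MAC-based attempt."""
    user = normalize_mac(attrs.get('User-Name', ''))
    mac = normalize_mac(attrs.get('Calling-Station-Id', ''))
    return {
        'user_name_is_calling_mac': bool(user) and user == mac,
        'service_type': attrs.get('Service-Type'),
        'nas_port_type': attrs.get('NAS-Port-Type'),
        'has_eap': 'EAP-Message' in attrs,
    }

if __name__ == '__main__':
    print(mab_summary(parse_access_request(SAMPLE_DEBUG)))
```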