Cisco Aironet AP1260无法连接到FreeRADIUS服务器

Cisco Aironet AP1260独立接入点和FreeRADIUS服务器有问题。 我试图在FreeRADIUS服务器上设置一个802.11x接入点和身份validation。 我build立了AP和服务器，在/etc/raddb/users创build临时用户，并使用radtest实用程序testingRADIUS服务器。 但是当我尝试连接到我的AP时，我被拒绝了，并且根本没有FreeRADIUS日志。 我确定我的日志configuration是可以的（非常详细的日志被启用）。 我尝试运行radiusd -X实时查看活动，但它没有给我任何结果： radtest活动显示良好，但从AP没有活动。

我确实用tcpdump检查了UDPstream量，AP的请求到达服务器，但被FreeRADIUS守护进程忽略。 端口也设置正确（auth默认为1812 ）。

那么，如何让FreeRADIUS接受思科的authentication请求呢？

更新 ： radtest命令只适用于本地主机。 即使我直接用Linux连接两台机器，先运行radiusd -X ，然后尝试第二台机器，FreeRADIUS服务器也不会有任何反应。 我认为在FreeRADIUS中有一些configuration错误，但是它在哪里？

• 用于跟踪/ SLA监视器的Cisco SNMP OID
• outlook玻璃脚本
• 水平分割（Split Horizo​​n），路由过滤（Route filtering），并且让RIPv2宣布一条不连接的路由到主机
• 思科1841与西门子Speedstream 6520调制解调器
• Cisco Catalyst 3550 + Alteon 184负载平衡问题

有我的configuration：

 sasaika#sh run Building configuration... Current configuration : 2030 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname sasaika ! logging rate-limit console 9 enable secret 5 *omitted* ! aaa new-model ! ! aaa group server radius rad_eap server 172.16.10.13 auth-port 1812 acct-port 1813 ! aaa authentication login eap_methods group rad_eap ! aaa session-id common ip domain name ex.example.com ! ! dot11 syslog ! dot11 ssid Edhelwen authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 guest-mode ! ! ! username *omitted* privilege 15 secret 5 *omitted* ! ! ip ssh time-out 60 ip ssh version 2 bridge irb ! ! interface Dot11Radio0 description Test-WiFi no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid Edhelwen ! antenna gain 0 station-role root access-point bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown antenna gain 0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto no keepalive bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 172.16.10.12 255.255.255.128 no ip route-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag radius-server host 172.16.10.13 auth-port 1812 acct-port 1813 key 7 *omitted* bridge 1 route ip ! ! ! line con 0 line vty 0 4 transport input ssh line vty 5 15 transport input ssh ! end 

/etc/raddb/radiusd.conf ：

 prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct name = radiusd confdir = ${raddbdir} run_dir = ${localstatedir}/run/${name} db_dir = ${raddbdir} libdir = /usr/lib/freeradius pidfile = ${run_dir}/${name}.pid user = radiusd group = radiusd max_request_time = 30 cleanup_delay = 5 max_requests = 1024 listen { type = auth ipaddr = * port = 1812 } listen { ipaddr = * port = 1813 type = acct } hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { destination = files file = ${logdir}/radius.log requests = ${logdir}/radiusd-%Y%m%d.log syslog_facility = daemon stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = yes msg_goodpass = "Good: " msg_badpass = "Bad: " } checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = off $INCLUDE clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { $INCLUDE ${confdir}/modules/ $INCLUDE eap.conf } instantiate { exec expr expiration logintime } $INCLUDE policy.conf $INCLUDE sites-enabled/ 

/etc/raddb/clients.conf ：

 client cisco-ap { ipaddr = 172.16.10.12 nastype = cisco # i tried to disable it, no effect secret = *omitted* require_message_authenticator = no } client localhost { ipaddr = 127.0.0.1 secret = *omitted* require_message_authenticator = no }