Cisco 1310 bridges and FreeRadius authentication

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,


I have two 1310 bridges...one configured as root and the other as non-root.

Authentication Settings: Open with EAP and Network EAP with no addition.

Set up: when non-root bridge tries to associate with root bridge, root bridge checks with radius server if it's ok to associate with the non-root bridge


I can see communication with the radius server (I'm using FreeRadius) and the radius server even sends a SUCCESS back to the root bridge.

However I'm seeing this error on the non-root bridge: %DOT1X_SHIM-3-PLUMB_KEY_ERR: Unable to plumb keys - Eap key struct is NULL and the bridges do not authenticate.


Any ideas how I can solve this issue?


Event log of nonroot bridge when turning on debug on eap


*Mar 1 2002 00:16:56: EAP-EVENT: Received context create from lower layer (0x9D000001)
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Using credential profile name: SSID-QaliTest
*Mar 1 2002 00:16:56: eap_peer : initial state eap_peer_initialize has idle
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_initialize, got event 16383(idle)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_initialize -> eap_peer_idle
*Mar 1 2002 00:16:56: EAP-EVENT: Allocated new EAP context (handle = 0xDF000050)
*Mar 1 2002 00:16:56: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-RX-PAK: Code:REQUEST ID:0x2 Length:0x0030 Type:IDENTITY
*Mar 1 2002 00:16:56: Payload: 006E6574776F726B69643D51616C6954 ...
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_idle, got event 1(eapReq)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_idle -> eap_peer_received
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP Request received by context 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP Request type = Identity
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_received, got event 3(eapIdentity)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_received -> eap_peer_identity
*Mar 1 2002 00:16:56: eap_peer : idle during state eap_peer_identity
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_identity -> eap_peer_tx_packet
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Using identity: nonroot
*Mar 1 2002 00:16:56: eap_peer : idle during state eap_peer_tx_packet
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_tx_packet -> eap_peer_sent_packet
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Sending packet to lower layer for context 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-TX-PAK: Code:RESPONSE ID:0x2 Length:0x000C Type:IDENTITY
*Mar 1 2002 00:16:56: Payload: 6E6F6E726F6F74
*Mar 1 2002 00:16:56: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-EVENT: Started 'Peer Idle' timer (3000s) for EAP sesion handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-EVENT: Started EAP tick timer
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_sent_packet, got event 18(eapMethodContinue)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_sent_packet -> eap_peer_idle
*Mar 1 2002 00:16:56: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-RX-PAK: Code:REQUEST ID:0x3 Length:0x0016 Type:MD5
*Mar 1 2002 00:16:56: Payload: 10117BFC184F00D72609741AA0F866E7 ...
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_idle, got event 1(eapReq)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_idle -> eap_peer_received
*Mar 1 2002 00:16:56: EAP-EVENT: Stopping 'Peer Idle' timer for EAP sesion handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP Request received by context 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP Request type = Method (4)
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: New method type
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_received, got event 4(eapStart)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_received -> eap_peer_get_method
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Checking method (4) for context 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Maximum EAP packet size: 1500
*Mar 1 2002 00:16:56: EAP-EVENT: Sending method directive 'New Context' on handle 0xDF000050
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_get_method, got event 11(eapMethodAllow)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_get_method -> eap_peer_method
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Sending method data for context 0xDF000050
*Mar 1 2002 00:16:56: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP method state: May Continue
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: EAP method decision: Conditional Success
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_method, got event 13(eapMethodTxPacket)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_method -> eap_peer_tx_packet
*Mar 1 2002 00:16:56: eap_peer : idle during state eap_peer_tx_packet
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_tx_packet -> eap_peer_sent_packet
*Mar 1 2002 00:16:56: EAP-PEER-EVENT: Sending packet to lower layer for context 0xDF000050
*Mar 1 2002 00:16:56: EAP-PEER-TX-PAK: Code:RESPONSE ID:0x3 Length:0x0016 Type:MD5
*Mar 1 2002 00:16:56: Payload: 10E7C887D684B05E0C59F7FB3A468625 ...
*Mar 1 2002 00:16:56: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0 0
QaliTest#no debug a
*Mar 1 2002 00:16:56: EAP-EVENT: Started 'Peer Idle' timer (3000s) for EAP sesion handle 0xDF000050
*Mar 1 2002 00:16:56: EAP-EVENT: Started EAP tick timer
*Mar 1 2002 00:16:56: eap_peer : during state eap_peer_sent_packet, got event 18(eapMethodContinue)
*Mar 1 2002 00:16:56: @@@ eap_peer : eap_peer_sent_packet -> eap_peer_idlell
*Mar 1 2002 00:16:58: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0xDF000050
*Mar 1 2002 00:16:58: EAP-PEER-RX-PAK: Code:SUCCESS ID:0x3 Length:0x0004
*Mar 1 2002 00:16:58: eap_peer : during state eap_peer_idle, got event 1(eapReq)
*Mar 1 2002 00:16:58: @@@ eap_peer : eap_peer_idle -> eap_peer_received
*Mar 1 2002 00:16:58: EAP-EVENT: Stopping 'Peer Idle' timer for EAP sesion handle 0xDF000050
*Mar 1 2002 00:16:58: EAP-PEER-EVENT: EAP Success received by context 0xDF000050
*Mar 1 2002 00:16:58: eap_peer : during state eap_peer_received, got event 6(eapSuccess)
*Mar 1 2002 00:16:58: @@@ eap_peer : eap_peer_received -> eap_peer_success
*Mar 1 2002 00:16:58: EAP-EVENT: Sending method directive 'Free Context' on handle 0xDF000050
*Mar 1 2002 00:16:58: EAP-EVENT: Sending lower layer event 'EAP_SUCCESS' on handle 0xDF000050
*Mar 1 2002 00:16:58: %DOT1X_SHIM-3-PLUMB_KEY_ERR: Unable to plumb keys - Eap key struct is NULL

Thanks
Charmaine

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

You need to ensure that the root brdige is configured within the radius server as an authenticator via an 802.11 connection for client STA, in this case a slave bridge.