EAP-TLS

This report records the authentication of the user rajivtest through AAA and RADIUS. The authentication method is EAP-TLS, and the report walks through the full TLS handshake as seen by the AAA server.

EAP-TLS is carried over RADIUS: the network device forwards the supplicant's EAP messages to the AAA server inside RADIUS Access-Request packets, and the server answers with Access-Challenge packets until the exchange completes.

The main steps shown are: the network device forwarding the Access-Request to the AAA server, the AAA server challenging for credentials, the credentials being validated over several EAP-TLS exchanges, the user authentication passing, and access being permitted.

AAA Protocol > RADIUS Authentication Detail

ACS session ID: he2tacs01/184954131/3
Date: March 23, 2014
Generated on March 23, 2014 11:05:15 AM EDT

Authentication Summary

Logged At: Mar 23,14 9:31:14.710 AM
RADIUS Status: Authentication succeeded
NAS Failure:
Username: rajivtest
MAC/IP Address: D4-BE-D9-0F-B3-A7
Network Device: switch:172.26.104.1:GigabitEthernet0/8
Access Service: Default Network Access
Identity Store:
Authorization Profiles: Permit Access
CTS Security Group:
Authentication Method: x509_PKI

Actions: Troubleshoot Authentication, View Diagnostic Messages, Audit Network Device Configuration, View Network Device Configuration, View ACS Configuration Changes

Authentication Result

User-Name=rajivtest
Class=CACS:he2tacs01/184954131/3
EAP-Key-Name=0d:53:2e:5c:d0:7a:07:ee:9e:3d:6c:d7:cf:e1:cf:0d:8d:bf:85:90:ee:9a:03:6e:14:4e:b3:54:2b:b5:3a:b5:26:53:2e:e2:1f:2e:da:8b:80:00:f6:72:e4:4d:00:45:27:71:e5:02:0d:d7:de:06:bc:87:6c:0d:6a:46:07:1b:a2

Session Events

Mar 23,14 9:31:14.710 AM: Radius authentication passed for USER: rajivtest MAC: D4-BE-D9-0F-B3-A7 AUTHTYPE:

Authentication Details

Logged At: Mar 23,14 9:31:14.710 AM
ACS Time: Mar 23,14 9:31:14.696 AM
ACS Instance: he2tacs01
Authentication Method: x509_PKI
EAP Authentication Method: EAP-TLS
EAP Tunnel Method:

User

ACS Username: rajivtest
RADIUS Username: rajivtest
Calling Station ID: D4-BE-D9-0F-B3-A7
Framed IP Address:
Host Lookup:

Network Device

Network Device: switch
Network Device Groups: Device Type:All Device Types, Location:All Locations
NAS IP Address: 172.26.104.1
NAS Identifier:
NAS Port: 50008
NAS Port ID: GigabitEthernet0/8
NAS Port Type: Ethernet

Access Policy

Access Service: Default Network Access
Identity Store:
Authorization Profiles: Permit Access
Exception Authorization Profiles:
Active Directory Domain:
Identity Group:
Radius authentication passed
Access Service Selection Matched Rule: Rule-1
Identity Policy Matched Rule: Default
Selected Identity Stores:
Query Identity Stores:
Selected Query Identity Stores:
Group Mapping Policy Matched Rule:
Authorization Policy Matched Rule: Default
Authorization Exception Policy Matched Rule:

CTS

CTS Security Group:


Other

ACS Session ID: he2tacs01/184954131/3
Audit Session ID:
Tunnel Details:
H323 Attributes:
SSG Attributes:
Cisco-AVPairs:
Other Attributes:
ACSVersion=acs-5.5.0.46-B.723
ConfigVersionId=12
Protocol=Radius
Service-Type=Framed
Framed-MTU=1500
State=31SessionID=he2tacs01/184954131/3;
Called-Station-ID=00-14-A8-6B-68-08
Device IP Address=172.26.104.1

Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Default Network Access
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
12625 Valid EAP-Key-Name attribute received.
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12809 Prepared TLS CertificateRequest message.
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12571 ACS will continue to CRL verification if it is configured for specific CA
12571 ACS will continue to CRL verification if it is configured for specific CA
12811 Extracted TLS Certificate message containing client certificate.
12812 Extracted TLS ClientKeyExchange message.
12813 Extracted TLS CertificateVerify message.
12804 Extracted TLS Finished message.
12801 Prepared TLS ChangeCipherSpec message.
12802 Prepared TLS Finished message.
12816 TLS handshake succeeded.
12509 EAP-TLS full handshake finished successfully
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
Evaluating Identity Policy
15006 Matched Default Rule
22037 Authentication Passed
Evaluating Group Mapping Policy
12506 EAP-TLS authentication succeeded
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - Permit Access
22065 Max sessions policy passed
22064 New accounting session created in Session cache
11503 Prepared EAP-Success
11002 Returned RADIUS Access-Accept
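The step list above is the server-side record of one EAP-TLS conversation: every Access-Request/Access-Challenge pair carries one EAP-TLS fragment, and the TLS step codes (12811 client Certificate, 12813 CertificateVerify, 12816 handshake succeeded) show that the client was authenticated by certificate before EAP-Success and Access-Accept were returned. The following is an added example, not part of the ACS report and not Cisco code, of a small parser for this step format and a check a defender can run over exported step logs: it confirms that an Access-Accept was preceded by a completed handshake that included the client certificate and CertificateVerify. The embedded sample is an abridged copy of the steps above; the code 11003 (Access-Reject) is assumed from the same ACS numbering and does not appear in this report.

```python
import re

# An ACS step line is a five-digit message code followed by text; lines such as
# "Evaluating Identity Policy" carry no code and are kept with code None.
STEP_RE = re.compile(r"^(\d{5})\s+(.+)$")

# Sample input: an abridged copy of the step sequence in the report above
# (several identical fragmentation rounds were dropped to keep it short).
SAMPLE_STEPS = """\
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12809 Prepared TLS CertificateRequest message.
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12571 ACS will continue to CRL verification if it is configured for specific CA
12811 Extracted TLS Certificate message containing client certificate.
12812 Extracted TLS ClientKeyExchange message.
12813 Extracted TLS CertificateVerify message.
12804 Extracted TLS Finished message.
12816 TLS handshake succeeded.
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
12504 Extracted EAP-Response containing EAP-TLS challenge-response
Evaluating Identity Policy
22037 Authentication Passed
11503 Prepared EAP-Success
11002 Returned RADIUS Access-Accept
"""

# Message codes taken from the report above; 11003 is assumed (not in the report).
ACCESS_ACCEPT = 11002
ACCESS_REJECT = 11003      # assumed: Returned RADIUS Access-Reject
ACCESS_CHALLENGE = 11006
EAP_SUCCESS = 11503
TLS_CLIENT_CERT = 12811
TLS_CERT_VERIFY = 12813
TLS_HANDSHAKE_OK = 12816


def parse_steps(text):
    """Return a list of (code, message) tuples; code is None for uncoded lines."""
    steps = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STEP_RE.match(line)
        steps.append((int(m.group(1)), m.group(2)) if m else (None, line))
    return steps


def summarize_eap_tls(steps):
    """Summarize one session's steps and flag sequences that should not be accepted."""
    codes = [c for c, _ in steps if c is not None]
    summary = {
        "round_trips": codes.count(ACCESS_CHALLENGE),   # one per EAP-TLS fragment round
        "client_cert_seen": TLS_CLIENT_CERT in codes,
        "cert_verify_seen": TLS_CERT_VERIFY in codes,
        "handshake_ok": TLS_HANDSHAKE_OK in codes,
        "outcome": "incomplete",
        "anomalies": [],
    }
    if ACCESS_ACCEPT in codes:
        summary["outcome"] = "accept"
    elif ACCESS_REJECT in codes:
        summary["outcome"] = "reject"
    # An Access-Accept must follow a completed TLS handshake.
    if summary["outcome"] == "accept" and not summary["handshake_ok"]:
        summary["anomalies"].append("Access-Accept without a completed TLS handshake (no 12816)")
    # The handshake must have carried the client certificate and its CertificateVerify,
    # otherwise the server did not actually authenticate the client by certificate.
    if summary["handshake_ok"] and not (summary["client_cert_seen"] and summary["cert_verify_seen"]):
        summary["anomalies"].append("TLS handshake completed without client Certificate/CertificateVerify (12811/12813)")
    # EAP-Success may only be prepared after the handshake succeeded.
    if TLS_HANDSHAKE_OK in codes and EAP_SUCCESS in codes:
        if codes.index(TLS_HANDSHAKE_OK) > codes.index(EAP_SUCCESS):
            summary["anomalies"].append("EAP-Success prepared before TLS handshake succeeded")
    return summary


if __name__ == "__main__":
    print(summarize_eap_tls(parse_steps(SAMPLE_STEPS)))
```

On the abridged sample the summary reports four Access-Challenge round trips, an accept outcome and no anomalies; the same check run over a session whose 12811/12813 steps are missing flags that the client certificate was never presented, which is what you would expect to see if the server's CertificateRequest were not being enforced.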