1 Reply Latest reply: Apr 10, 2012 12:34 AM by Fabio - FW specialist RSS

    What does a failed EAP/RADIUS Authentication look like in wireshark?


      Hi guys,


      Im trying out some 802.1x stuff on a rented rack. I havent been able to get it to work yet so i thought i would start with something simple like EAP-MD5 since that doesnt involve using certificates. The client i am using is an XP SP2 machine with the native supplicant, it asks me for credentials at which point i enter a username and password (same as configured on the user profile on the acs server). I see the EAP identity response packet get sent and then on the ACS machine i see a radius packet coming from the switch.


      The problem is all i get back from the ACS server is ICMP destination port unreachable packets. It says icmp but it also has the radius info in the packet body. So is this what an EAP/RADIUS auth failure generates? The annoying thing is that the failed auth log file in ACS doesnt have any entries.


      Anyone have any ideas?