Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2491
Views
1
Helpful
1
Replies

ISE Auth with NTRadPing EAP-PEAP

rldeshazer
Level 1
Level 1

‎10-21-2016 08:59 AM

Trying to test an ISE EAP-PEAP auth policy with NTRadPing, but struggling to figure out how to pass the correct RADIUS attributes. 

I believe I need the following Attribute Value Pairs:

        AVP: l=12 t=User-Name(1): joeuser

        AVP: l=18 t=User-Password(2): Encrypted

        AVP: l=19 t=Calling-Station-Id(31): a0:99:9b:3c:d2:f0

        AVP: l=30 t=Called-Station-Id(30): 58:bf:ea:fb:6f:80:mywireless

        AVP: l=6 t=NAS-Port(5): 13

        AVP: l=6 t=NAS-IP-Address(4): xxx.xxx.xx.xx

        AVP: l=12 t=NAS-Identifier(32): wlc

        AVP: l=6 t=Service-Type(6): Framed(2)

        AVP: l=6 t=Framed-MTU(12): 1300

        AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)

        AVP: l=6 t=Tunnel-Type(64) Tag=0x00: VLAN(13)

        AVP: l=6 t=Tunnel-Medium-Type(65) Tag=0x00: IEEE-802(6)

        AVP: l=5 t=Tunnel-Private-Group-Id(81): 619

        AVP: l=2 t=EAP-Message(79) Segment[1]

        AVP: l=18 t=Message-Authenticator(80)

But I am unsure how and what to populate EAP-Message and Message-Authenticator with.  Perhaps it is not possible if these contain negotiated, authentication keys.  Has anyone done this?

0 Helpful
1 Reply 1

howon
Cisco Employee
Cisco Employee

‎10-23-2016 05:52 PM

Have not used NTRADPing, but see if information in this link helps:

Manpage of RADEAPCLIENT

Customers Also Viewed These Support Documents