Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Event ID 2 Reason-Code = 70

Wi-Fi, Mobile phone.

Event ID 2 Reason-Code = 70

Postby blin » Wed Oct 30, 2013 10:23 pm

Q: I am trying to configure a Cisco RV120W wireless using RADIUS. The IAS server is Windows 2003. The wireless client can’t access the wireless. The ISA server keep getting this error:

Event Type: Warning

Event Source: IAS

Event Category: None

Event ID: 2

User: N/A

Computer: DEVICES1

Description:

User ntdomain\blin was denied access.

Fully-Qualified-User-Name = chicagotech.org/Users/Bob Lin

NAS-IP-Address = 10.0.30.102

NAS-Identifier = <not present>

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = RV102-Domain

Client-IP-Address = 10.0.30.102

NAS-Port-Type = <not present>

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = CBG-All

Authentication-Type = EAP

EAP-Type = <undetermined>

Reason-Code = 70

Reason = The user attempted to connect using a dial-in medium that did not match the restricted dial-in media. Check the dial-in constraints for the matching remote access policy.

The Cisco RV120W public wireless and WPA2 work fine. Other Cisco 1240 wireless using RADIUS works fine with this event:

Event Type: Information

Event Source: IAS

Event Category: None

Event ID: 1

Date: 10/18/2013

Time: 1:33:19 PM

User: N/A

Computer: DEVICES1

Description:

User blin was granted access.

Fully-Qualified-User-Name = chicagotech.org/Users/Bob Lin

NAS-IP-Address = 10.0.20.103

NAS-Identifier = WLC2504

Client-Friendly-Name = WLC2504

Client-IP-Address = 10.0.20.103

Calling-Station-Identifier = 90-18-7c-e6-95-aa

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 1

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = CBG-All

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

Can you help?
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3643
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Event ID 2 Reason-Code = 70

Postby blin » Wed Oct 30, 2013 10:23 pm

I have analyzed the two system event messages. The description of the warning message is "The user attempted to connect using a dial-in medium that did not match the restricted dial-in media. Check the dial-in constraints for the matching remote access policy. ". So I first check the access policies of the two messages. I find they are using the same policy as below:

Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Pr4ovider = Windows
Authentication-Server = <undetermined>
Policy-Name = CBG-All

So it seems like the policy setting should have no issue. Then I find the authentication methods for the two messages are different. The working one use the PEAP as below:
Authentication-Type = PEAP
EAP-Type = Secured password (EAP-MSCHAP v2)

In the warning message, the authentication type is EAP as below:
Authentication-Type = EAP
EAP-Type = <undetermined>

I think this may be the reason of the issue. To solve this issue. Please set the Cisco RV120W to also use the PEAP and EAP-MSCHAPv2 as the authentication method.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3643
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Event ID 2 Reason-Code = 70

Postby blin » Wed Oct 30, 2013 10:25 pm

I can't find the place to configure PEAP on the Cisco wireless. Is it possible configure IAS to use EAP? If yes, how?
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3643
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: Event ID 2 Reason-Code = 70

Postby blin » Wed Oct 30, 2013 10:25 pm

You can modify on the IAS to add the EAP authentication type. Please follow the steps below:

1. open the IAS and choose the "Remote Access Policies", then double click on the "CBG-All"

2. please check the bottom of the "Properties" first, if you are using the "Deny remote access permission", then you can simply delete the "Authentication-Type matches"....."" codition. In this way, the IAS won't care about the Authentication Type any more. If you are using the "Grant remote access permission", Then please edit the "Authentication-Type matches"....."" condition.

3, As the last step said, if you are using the "Grant remote access permission", please add the "EAP" to the right.

4, Then Press "OK" to finish the set up.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3643
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA


Return to Wireless

Your Ad Here

Who is online

Users browsing this forum: No registered users and 1 guest