https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412789#M548008 <P>Hi,</P> <P>&nbsp;</P> <P>I have a little problem configuring my 3650 stack to work with my Server 2012 NPS radius.</P> <P>It works actually with my wifi wlc config (eap tls with certificate!) but switches are giving me hard work !!</P> <P>&nbsp;</P> <P>The problem is that I can put any PC on any port <U>without any check fron the wsitch</U>. I also don't see anything in the NPS logs.</P> <P>&nbsp;</P> <P>Do I lack somethine in there? ?</P> <P>&nbsp;</P> <P>Thanks a lot for your help!</P> <P>&nbsp;</P> <P>---------------------------------------------------------------------</P> <P>Here is my conf :</P> <P>&nbsp;</P> <P>&nbsp;vesion 16.3</P> <P>&nbsp;</P> <P>aaa new-model</P> <P><BR />aaa authentication dot1x default group radius<BR />aaa authentication dot1x method_list group radius<BR />aaa authorization network default group radius</P> <P><BR />interface GigabitEthernet1/0/1<BR />&nbsp;description ### PC User ###<BR />&nbsp;switchport access vlan 22<BR />&nbsp;switchport mode access<BR />&nbsp;switchport voice vlan 7<BR />&nbsp;access-session port-control auto<BR />&nbsp;dot1x pae authenticator<BR />&nbsp;spanning-tree portfast<BR />&nbsp;spanning-tree bpduguard enable<BR />!</P> <P><BR />radius server pri<BR />&nbsp;address ipv4 192.168.22.110 auth-port 1812 acct-port 1813<BR />&nbsp;key 7 033fdskjfqdskjhfdqkj<BR />!<BR />!</P> Fri, 21 Feb 2020 19:00:30 GMT alfredit 2020-02-21T19:00:30Z https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412789#M548008 <P>Hi,</P> <P>&nbsp;</P> <P>I have a little problem configuring my 3650 stack to work with my Server 2012 NPS radius.</P> <P>It works actually with my wifi wlc config (eap tls with certificate!) but switches are giving me hard work !!</P> <P>&nbsp;</P> <P>The problem is that I can put any PC on any port <U>without any check fron the wsitch</U>. I also don't see anything in the NPS logs.</P> <P>&nbsp;</P> <P>Do I lack somethine in there? ?</P> <P>&nbsp;</P> <P>Thanks a lot for your help!</P> <P>&nbsp;</P> <P>---------------------------------------------------------------------</P> <P>Here is my conf :</P> <P>&nbsp;</P> <P>&nbsp;vesion 16.3</P> <P>&nbsp;</P> <P>aaa new-model</P> <P><BR />aaa authentication dot1x default group radius<BR />aaa authentication dot1x method_list group radius<BR />aaa authorization network default group radius</P> <P><BR />interface GigabitEthernet1/0/1<BR />&nbsp;description ### PC User ###<BR />&nbsp;switchport access vlan 22<BR />&nbsp;switchport mode access<BR />&nbsp;switchport voice vlan 7<BR />&nbsp;access-session port-control auto<BR />&nbsp;dot1x pae authenticator<BR />&nbsp;spanning-tree portfast<BR />&nbsp;spanning-tree bpduguard enable<BR />!</P> <P><BR />radius server pri<BR />&nbsp;address ipv4 192.168.22.110 auth-port 1812 acct-port 1813<BR />&nbsp;key 7 033fdskjfqdskjhfdqkj<BR />!<BR />!</P> Fri, 21 Feb 2020 19:00:30 GMT https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412789#M548008 alfredit 2020-02-21T19:00:30Z https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412795#M548009 <P>Hi there,</P> <P>Have you actually defined the the server group 'radius' ? If not try the following, (as a personal best practice, always make text variables uppercase):</P> <PRE>! aaa group server radius RADIUS-SERVERS server 192.168.22.110 ! aaa authentication dot1x default group RADIUS-SERVERS aaa authentication dot1x method_list group RADIUS-SERVERS aaa authorization network default group RADIUS-SERVERS !</PRE> <P>If the group is already defined. Have you tried the <STRONG>test aaa</STRONG> command?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Mon, 09 Jul 2018 16:43:56 GMT https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412795#M548009 Seb Rupik 2018-07-09T16:43:56Z https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412802#M548010 <P>The radius group is the default one, I tested with a user but I do not know how to test my computer certificate.</P> <P>&nbsp;</P> <P>Thanks a lot</P> <P>&nbsp;</P> <P>-------------------------------------------------------------</P> <P>SW-CD-17EME#test aaa group radius user1 password1 new-code<BR />User successfully authenticated<BR /><BR />USER ATTRIBUTES<BR /><BR />Framed-Protocol&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp; 1 [PPP]<BR />service-type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp; 2 [Framed]<BR />noescape&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp; True<BR />autocmd&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp; " ppp negotiate"</P> Mon, 09 Jul 2018 16:56:41 GMT https://community.cisco.com/t5/network-access-control/aaa-nps-radius-3650/m-p/3412802#M548010 alfredit 2018-07-09T16:56:41Z