802.1x AP Supplicant with Microsoft NPS Radius

erichr
Level 1

Hi there

I'm trying to implement wired 802.1x network security. I've successfully configured my switch to support and forward the 802.1x auth request to my Microsoft Radius NPS Server.

With a Notebook client I can connect to a port on the switch and I have to enter my username and password, which are then sent to the NPS and verified with my AD. After I've confirmed a .

Now I want my Cisco APs (connected to a WLC) to authenticate with 802.1x as well. The request is passed from the AP through the switch to my NPS, but I receive the following error in the Event Log (on the NPS):

The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

Is it not possible to use a Microsoft Radius Server for this?

Thanks for answering

Janis

---

On my Access Point I've debugged all dot1x traffic and found this:

[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:2006D080:lib(32):func(109):reason(128)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B084002:lib(11):func(132):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_load_ca_der - Failed load CA in DER format error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:20074002:lib(32):func(116):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B06F002:lib(11):func(111):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:TLS: Failed to set TLS connection parameters
[*09/05/2018 11:00:22.0475] hostapd:EAP-PEAP: Failed to initialize SSL.
[*09/05/2018 11:00:22.0475] hostapd:dot1x: EAP: Failed to initialize EAP method: vendor 0 method 25 (PEAP)
[*09/05/2018 11:00:22.0675] hostapd:dot1x: CTRL-EVENT-EAP-FAILURE EAP authentication failed
[*09/05/2018 11:00:25.7664] Waiting for preferred uplink IP configuration
[*09/05/2018 11:00:26.7761] Resetting wired0 and restart DHCP client
[*09/05/2018 11:00:28.8054] ADDRCONF(NETDEV_UP): wired0: link is not ready
[*09/05/2018 11:00:29.0054] ADDRCONF(NETDEV_CHANGE): wired0: link becomes ready
[*09/05/2018 11:00:29.0154] wired0: 1000 Mbps Full Duplex

Jason Kunst
Cisco Employee
This community is for support of Cisco ISE AAA server

Identity services engine

Sorry, my mistake. Can I move the post?

Under options in the upper right you could perhaps move to the wireless forum?

I see options, but I cannot move the post...