Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
2
Replies

AAA NPS RADIUS 3650

alfredit
Community Member

‎07-09-2018 09:37 AM - edited ‎02-21-2020 11:00 AM

Hi,

 

I have a little problem configuring my 3650 stack to work with my Server 2012 NPS radius.

It works actually with my wifi wlc config (eap tls with certificate!) but switches are giving me hard work !!

 

The problem is that I can put any PC on any port without any check fron the wsitch. I also don't see anything in the NPS logs.

 

Do I lack somethine in there? ?

 

Thanks a lot for your help!

 

---------------------------------------------------------------------

Here is my conf :

 

 vesion 16.3

 

aaa new-model


aaa authentication dot1x default group radius
aaa authentication dot1x method_list group radius
aaa authorization network default group radius


interface GigabitEthernet1/0/1
 description ### PC User ###
 switchport access vlan 22
 switchport mode access
 switchport voice vlan 7
 access-session port-control auto
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable
!


radius server pri
 address ipv4 192.168.22.110 auth-port 1812 acct-port 1813
 key 7 033fdskjfqdskjhfdqkj
!
!

Labels:
0 Helpful
2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

‎07-09-2018 09:43 AM

Hi there,

Have you actually defined the the server group 'radius' ? If not try the following, (as a personal best practice, always make text variables uppercase):

!
aaa group server radius RADIUS-SERVERS
  server 192.168.22.110
!
aaa authentication dot1x default group RADIUS-SERVERS
aaa authentication dot1x method_list group RADIUS-SERVERS
aaa authorization network default group RADIUS-SERVERS
!

If the group is already defined. Have you tried the test aaa command?

 

cheers,

Seb.

0 Helpful

alfredit
Community Member
In response to Seb Rupik

‎07-09-2018 09:55 AM - edited ‎07-09-2018 09:56 AM

The radius group is the default one, I tested with a user but I do not know how to test my computer certificate.

 

Thanks a lot

 

-------------------------------------------------------------

SW-CD-17EME#test aaa group radius user1 password1 new-code
User successfully authenticated

USER ATTRIBUTES

Framed-Protocol      0   1 [PPP]
service-type         0   2 [Framed]
noescape             0   True
autocmd              0   " ppp negotiate"

0 Helpful
Customers Also Viewed These Support Documents