Andre Liverod
Beginner

Configuring Radius on catalyst 3850 GUI

Hi,

I am currently trying to configure a Radius server on the Catalyst 3850. I've configured Radius authentication with Windows NPS server and certificates on many occasions on WLC 2500 etc. using the GUI. This is my first time using the 3850, and the GUI here is somewhat different and I cannot figure out what I am doing wrong. The NPS server and Certificate Server are up and I want to authenticate using EAP-TLS. It seems my problem is the controller configuration: when I try to authenticate with the SSID it says "cannot connect", and when I check under Monitor -> Radius authentication stats I see no packets at all. So as far as I can see this is a controller config problem. On, for example, the WLC 2500, you create the link to the Radius server and then you point to it in the WLAN SSID, nothing more. Here there seem to be some more steps and I think I am missing something, but what is it?

Attached screenshots: 01.png, 02.png, 03.png, 04.png, 05.png, 06.png, 07.png

Jatin Katyal
Cisco Employee

Could you please verify the WLC config from the below listed link for setting up WLC for PEAP MSCHAPv2?

http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml#wlc

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi, thanks for the answer. The link you posted is how I would configure it on a regular WLC, and is how I am trying to configure the 3850; however, I am not able to do this, as you can see in my printscreens the GUI here is quite different. It's like the controller doesn't recognize that I have registered a Radius server under my AAA settings on the SSID.

By the way, ignore printscreen 3 where I have checked local EAP authentication; I just did this to test. I'm running version 3.2.2 and the switch type is 3850-48PW-S.

Roger Alderman
Participant

Hi

You may have missed off a crucial step.

If you go to the Security Page - Method Lists - General you will find a setting called 'dot1x system auth control'.

Make sure this is ticked otherwise the 3850 doesn't send any Radius requests.

You can see if Radius is working by using the 'show aaa servers' command from the CLI.

It will show you if the Radius Server is up and you can see how many requests have been sent, successes and failures.

Hope this helps.

Regards

Roger
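
The CLI counterpart of the GUI steps discussed in this thread, as an added example that is not from any of the posters or from Cisco's documentation. The names `NPS1`, `NPS-GROUP`, `DOT1X-LIST` and `CORP-WLAN`, the address `192.0.2.10` and the shared secret are placeholders, and the command set assumes IOS XE 3.x on the 3850.

```cisco
! Enable the AAA subsystem
aaa new-model
!
! Define the RADIUS (NPS) server; address and key are placeholders
radius server NPS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! Put the server in a group and build an 802.1X method list on that group
aaa group server radius NPS-GROUP
 server name NPS1
!
aaa authentication dot1x DOT1X-LIST group NPS-GROUP
!
! Global 802.1X switch: the CLI form of 'dot1x system auth control' in the GUI.
! Without it no RADIUS requests are sent for 802.1X clients.
dot1x system-auth-control
!
! Bind the method list to the WLAN (the WLAN must be shut down while editing)
wlan CORP-WLAN 1 CORP-WLAN
 shutdown
 security dot1x authentication-list DOT1X-LIST
 no shutdown
!
! Verify from exec mode: server state plus request/success/failure counters
! show aaa servers
```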
