Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
1
Helpful
6
Replies

dot1x and mab on cisco switch with window server NPS question

keith-mk-li
Level 1
Level 1

‎11-02-2024 01:08 AM - last edited on ‎11-02-2024 03:22 AM by Cisco Employee

 

Dear All, 

 

          i'm going to configure cisco aaa authentication with dot1x and mab on window server NPS on server 2022, may i ask is below documentation look correct ? as i read the article is talking about logging in to the cisco switch with ad credential, but my aim is to authenticate with dot1x and mab on the switchport, any help would be appreicated 

https://arista.my.site.com/AristaCommunity/s/article/setting-up-ad-nps-and-radius-authentication-using-windows-nps

 

Keith 

Labels:
0 Helpful
6 Replies 6

Flavio Miranda
VIP
VIP

‎11-02-2024 02:28 AM

@keith-mk-li 

 This document is not what you need. This document is for device access using Radius.

 Search for 802.1x in NPS and Cisco devices

0 Helpful

keith-mk-li
Level 1
Level 1

‎11-02-2024 02:51 AM

 

 

this is the one 

https://www.youtube.com/watch?v=jkvayOyoX-E

 

Windows 2012 Domain Controller 802.1x Authentication Radius Cisco Part 2
Windows 2012 Domain Controller 802.1x Authentication Radius Cisco Part 2
youtube.com/watch?v=jkvayOyoX-E
In this Exclusive RivanIT Training Video, We will teach you how to Install windows 2012 server Domain controller with Certificate services and Network Policy server as the Authenticating server for 802.1x on a Cisco 3560 Switch. Part one covers the installation of the services while part two is ...

keith-mk-li
Level 1
Level 1

‎11-02-2024 11:53 AM

 

Dear All,

 

 

I recently deploying cisco aaa dot1x and mab with window server NPS, and in the cisco switch i could authenticate with usintg "aaa test group" successfully, and in the NPS event log i could see the its success, but when it comes to "sh authentication sessions" its show UNKNOWN Unauth, and below are the NPS policy setting, just it look correct ?

i also tried to follow the link to create https://sharifulhoque.blogspot.com/2019/08/8021x-wired-authentication-with-cisco.html?m=1  but i received an error "The connection request did not match any configured network policy." any help would be appreicated

 

 

from event logs Network Policy and Access Services

 

Network Policy Server granted access to a user.

User:

Security ID: MINGTECH\john.chan

Account Name: john.chan

Account Domain: MINGTECH

Fully Qualified Account Name: MINGTECH\john.chan

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

Called Station Identifier: -

Calling Station Identifier: -

NAS:

NAS IPv4 Address: 192.168.12.230

NAS IPv6 Address: -

NAS Identifier: -

NAS Port-Type: -

NAS Port: -

RADIUS Client:

Client Friendly Name: cn-switch

Client IP Address: 192.168.12.230

Authentication Details:

Connection Request Policy Name: Secure Wireless Connections Home

Network Policy Name: dot1x-policy

Authentication Provider: Windows

Authentication Server: cn-server-NPS.mingtech.com

Authentication Type: PAP

EAP Type: -

Account Session Identifier: -

Logging Results: Accounting information was written to the local log file.

 

 

 

Connection Request Policy: Secure Wireless Connections Home

 

NPS2.jpg

 

NPS3.jpg

 

Network Policy

NPS4.jpg

 

NPS5.jpg

 

NPS6.jpg

 

NPS7.jpg

 

 

Keith

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to keith-mk-li

‎11-03-2024 03:49 AM

Can i see 

Show aaa server 

Show authc session interface details 

MHM

0 Helpful

Aref Alsouqi
VIP
VIP

‎11-04-2024 03:22 AM

The session seems to match PAP authentication type that you should turn off. Please check this link for the NPS configs:

RUCKUS Forums - 802.1x authentication with NPS policies- Windows S... - CommScope RUCKUS Community Forums

0 Helpful
Customers Also Viewed These Support Documents