Cisco Switch Authentication with Microsoft NPS Case Sensitive Issue.

Samuel Caunt
Level 1

Hi All,

I'm a little confused and I need someone to check over my configuration, as I am experiencing a few issues when authenticating to switches using Microsoft NPS. To set the scene, I have a number of switches as follows:

1. WS-C3850-24XS 16.6.5

2. C9300-48T 16.12.4

I have configured both with the following NPS configurations (some details, such as IP addresses, have been removed and replaced with test ones):

aaa new-model

radius server NPS-01
 address ipv4 10.10.10.11 auth-port 1812 acct-port 1813
 key REMOVED

radius server NPS-02
 address ipv4 10.10.10.10 auth-port 1812 acct-port 1813
 key REMOVED

aaa group server radius NPSGroup
 server name NPS-01
 server name NPS-02

aaa authentication login userAuthentication local group NPSGroup
aaa authorization exec userAuthorization local group NPSGroup if-authenticated
aaa authorization network userAuthorization local group NPSGroup
aaa accounting exec default start-stop group NPSGroup
aaa accounting system default start-stop group NPSGroup
radius-server deadtime 1

line vty 1 4
 authorization exec userAuthorization
 login authentication userAuthentication

line vty 5 15
 authorization exec userAuthorization
 login authentication userAuthentication

I have set up all the relevant NPS policies accordingly and CAN authenticate to them... however, when I try to authenticate to these switches I am required to use either lowercase credentials for login for 1. WS-C3850-24XS or UPPERCASE credentials for login for 2. C9300-48T 16.12.4:

1. WS-C3850-24XS 16.6.5 (lowercase only credentials)

2. C9300-48T 16.12.4 (uppercase only credentials)

Although my AD account is lowercase, if I don't use the right UPPERCASE or lowercase credentials this doesn't appear to authenticate me to the switch, although it does if I use vice versa.

What config is missing/causing this and how do I fix it?

Do I need to provide any other details?

Thanks

Sam

15 Replies

dabitgall21
Level 1

Hello everyone,

Can somebody help me please? I need to provide network access to out-of-domain computers via NPS.

I have the following configuration:

aaa new-model
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common
dot1x system-auth-control
!
radius-server host 10.3.1.12 key cisconps
!
radius server PCRADIUS-123
 address ipv4 10.100.1.12 auth-port 1812 acct-port 1813
 key shared24

On the port I have this configuration:

interface GigabitEthernet1/0/9
 switchport mode access
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast

I can provide access to the network through NPS, but only for computers within the domain. Now I need to provide access to a guest network for out-of-domain computers.

I hope you can help me, regards.