cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect
389
Views
0
Helpful
4
Replies
Highlighted
Beginner

802.1x AP Supplicant with Microsoft NPS Radius

Hi there

 

I'm trying to implement wired 802.1x network security. I'v successfully configured my switch to support and forward the 802.1x auth request to my Microsoft Radius NPS Server.

With a Notebook client I can connect to a port on the switch and I have to enter my username and password, which are then sent to the NPS and verified with my AD. After I've confirmed a .

 

Now, I want that my Cisco APs (connected to a WLC) also to authenticate with 802.1x. The request is passed from the AP to through the switch to my NPS but I receive the following error in Event Log (on the NPS):

The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

 

Is it not possible to use a Microsoft Radius Server for this?

 

Thanks for answering

Janis

 

---

On my Access Point I've debugged all dot1x traffic and found this:

[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:2006D080:lib(32):func(109):reason(128)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B084002:lib(11):func(132):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_load_ca_der - Failed load CA in DER format error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:20074002:lib(32):func(116):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B06F002:lib(11):func(111):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:TLS: Failed to set TLS connection parameters
[*09/05/2018 11:00:22.0475] hostapd:EAP-PEAP: Failed to initialize SSL.
[*09/05/2018 11:00:22.0475] hostapd:dot1x: EAP: Failed to initialize EAP method: vendor 0 method 25 (PEAP)
[*09/05/2018 11:00:22.0675] hostapd:dot1x: CTRL-EVENT-EAP-FAILURE EAP authentication failed
[*09/05/2018 11:00:25.7664] Waiting for preferred uplink IP configuration
[*09/05/2018 11:00:26.7761] Resetting wired0 and restart DHCP client
[*09/05/2018 11:00:28.8054] ADDRCONF(NETDEV_UP): wired0: link is not ready
[*09/05/2018 11:00:29.0054] ADDRCONF(NETDEV_CHANGE): wired0: link becomes ready
[*09/05/2018 11:00:29.0154] wired0: 1000 Mbps Full Duplex
Everyone's tags (5)
4 REPLIES 4
Cisco Employee

Re: 802.1x AP Supplicant with Microsoft NPS Radius

This community is for support of Cisco ISE AAA server

Identity services engine

Beginner

Re: 802.1x AP Supplicant with Microsoft NPS Radius

Sorry, my mistake. Can I move the post?

Cisco Employee

Re: 802.1x AP Supplicant with Microsoft NPS Radius

Under options in the upper right you could perhaps move to the wireless forum?
Beginner

Re: 802.1x AP Supplicant with Microsoft NPS Radius

I see options, but I cannot move the post...