10-23-2017 10:58 AM - edited 03-11-2019 01:05 AM
Hi all.
I know this has been discussed a million times and I've racked my head doing research the past 3 days and still can't log in to the switch. I am testing NPS via Windows Server 2012 R2. My Cisco switch is a 3750 running 12.2 (55)SE10.
I have my NPS connected to Gi1/0/13 and a test computer on Gi1/0/15. From my computer I can ping the NPS and vice versa. Both the NPS and computer are on VLAN 100, which in this test I have set up as my management VLAN.
When I run the test aaa group radius server 192.x.x.17 testuser Password new-code I get the user successfully authenticated. When I try to log in to the Cisco switch I am unable to.
My NPS is set up as follows:
Radius clients
Friendly name test
ip address 192.x.x.16
shared secret cisco
advanced tab vendor name is Cisco.
Connection Policy:
Policy name test
condition with client friendly name being test
everything under the setting tab is left to default
Network Policy:
Policy Name Network Engineers
Policy enabled and grant access
Condition is user groups TestEnvironment\Network_Engineers
Client Friendly Name test
constraints is unencrypted PAP, SPAP
settings tab has standard with the service-type being login
vendor specific is cisco with shell:priv-lvl=15
everything else is left to the defaults
Thanks!
Patrick
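An added example, not part of the original post: the Access-Accept that the network policy described above should produce (Service-Type Login plus the Cisco-AVPair shell:priv-lvl=15), built and parsed per RFC 2865 so the decoded fields can be compared with a packet capture from the NPS. The identifier and Request Authenticator are constructed sample values; the shared secret is the one given in the post.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT, SERVICE_TYPE, VENDOR_SPECIFIC = 2, 6, 26   # RFC 2865 codes
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1                      # Cisco enterprise number, Cisco-AVPair

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def cisco_avpair(text):
    """Wrap a Cisco-AVPair string in a Vendor-Specific attribute."""
    sub = struct.pack("!BB", CISCO_AVPAIR, len(text) + 2) + text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def build_accept(identifier, request_auth, secret, attrs):
    """Build an Access-Accept with its MD5 Response Authenticator."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(body))
    digest = hashlib.md5(header + request_auth + body + secret).digest()
    return header + digest + body

def parse_accept(packet, request_auth, secret):
    """Verify the authenticator and pull out Service-Type and Cisco-AVPairs."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    want = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    out = {"code": code, "authentic": hmac.compare_digest(want, packet[4:20]),
           "service_type": None, "avpairs": []}
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == SERVICE_TYPE and a_len == 6:
            out["service_type"] = struct.unpack("!I", value)[0]
        elif (a_type == VENDOR_SPECIFIC and a_len >= 8
              and struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID
              and value[4] == CISCO_AVPAIR and 2 <= value[5] <= len(value) - 4):
            out["avpairs"].append(value[6:4 + value[5]].decode("utf-8", "replace"))
        pos += a_len
    return out

# Constructed sample: identifier and Request Authenticator are made up.
REQ_AUTH = bytes(range(16))
SAMPLE = build_accept(1, REQ_AUTH, b"cisco",
                      [attr(SERVICE_TYPE, struct.pack("!I", 1)), cisco_avpair("shell:priv-lvl=15")])
```

parse_accept(SAMPLE, REQ_AUTH, b"cisco") reports whether the Response Authenticator matches the shared secret and which Service-Type and AV pairs the reply carries; a mismatched secret shows up as authentic being False.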
02-05-2018 11:35 PM
- Can you add the following to your switch configuration (check if it helps):
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute nas-port format d
radius-server attribute list custom
 attribute 87
M.
02-06-2018 12:29 AM
In this case I would look at the NPS server logs. What do you see in the NPS and in the security log?