Cisco switch vs Windows NPS: Invalid credentials

mbender
Level 1

We've just bought a new Cisco switch for our office: CBS220-48T-4G. Full disclaimer - aside from setting up a VLAN once in the past, I'm pretty new to switching in general, let alone Cisco switches specifically.

I know that this switch offers 802.1x which I'm interested in implementing at our office. But, before that, I wanted to make sure that I have the basics right and as such wanted to set up administrative access to the switch's HTTP/S portal. Additional disclosure: our NPS already works fine for our WiFi (via Sophos UTM) and for VPN (SSTP) and is able to authenticate clients correctly.

After setting up the basic settings (new RADIUS client on the NPS, new RADIUS server on the switch) and enabling the usage of RADIUS authentication for HTTP/S I've found I was still not able to log in. Investigating the logs I've found that while the switch is able to communicate with the NPS service correctly, I'm getting an "Unknown user name or bad password" error:

Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

I'm 100% certain I've been entering the correct credentials. I've tried a few (both my regular user as well as some administrative users we have in our AD) - all failed with the same error. I'm also a bit concerned that the authentication type is PAP, but I'm not sure if there's anything I can do about that.

If I change the newly created connection request policy for the Cisco switch to "Accept users without validating credentials" I can log in to the switch administrative portal using random credentials (obviously not something valid for any kind of production use, but good for a quick test).

Any idea what's wrong and why the credentials fail?

Accepted Solutions

mbender
Level 1

I think I've resolved the issue. While I'm still not sure why the whole thing threw "invalid credentials" errors, after disabling and re-enabling the NPS request policy with different settings (I've changed the permitted encryption settings) I started getting different errors (this time related to an authentication mode mismatch - which made a lot more sense).

So apparently I had to disable and enable the policies for the NPS to internally refresh something. Anyway, my only concern is PAP usage, but I believe this is unavoidable with RADIUS.
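
On the PAP concern raised in this thread, an added illustration (not part of the original posts, and not Cisco or Microsoft code) of how RADIUS carries a PAP password: the User-Password attribute is hidden with MD5 keyed by the shared secret and the Request Authenticator, as specified in RFC 2865 section 5.2. It shows that the password's protection on the wire rests entirely on the shared secret, and that a server decoding with a different secret gets a different string it can only treat as a wrong password. The secrets, password and authenticator are constructed sample values.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client (switch) side: build the User-Password attribute value."""
    if len(password) > 128 or len(authenticator) != BLOCK:
        raise ValueError("password max 128 octets, authenticator must be 16")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # c(i) = p(i) XOR MD5(secret + c(i-1)); c(0) is the Request Authenticator
        prev = _xor(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % BLOCK or len(authenticator) != BLOCK:
        raise ValueError("malformed User-Password or authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def demo():
    # All values below are constructed for the example.
    authenticator = bytes(range(16))           # random per request in practice
    password = b"Constructed-Passw0rd-example"  # longer than one block
    hidden = hide_password(password, b"switch-side-secret", authenticator)
    same = reveal_password(hidden, b"switch-side-secret", authenticator)
    other = reveal_password(hidden, b"different-secret", authenticator)
    return hidden, same, other


if __name__ == "__main__":
    hidden, same, other = demo()
    print("on the wire :", hidden.hex())
    print("same secret :", same)
    print("other secret:", other)
```
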
