cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Announcement“Cisco Design Thinking Workshop”. Cisco Small Business is excited to invite its Silicon Valley customers to an exclusive interactive one-day session between customers and product Managers.  If you are interested in this exclusive workshop, please fill out the Registration Form. For more information, please check out our FAQ


Get the latest new and information the November issue of the Cisco Small Business Monthly Newsletter

324
Views
0
Helpful
1
Replies

WAP561 Access Point and external Radius Authentication (Windows Server NPAS)

WAP561 Access Point and external Radius Authentication (Windows Server NPAS)


Hi,

I've troubles on configuring Radius Authentication 

AP: Cisco WAP561
Radius Server: (Windows Server 2016 - NPAS)

I've configured an Access Point Network with Security (WPA Enterprise) setting RADIUS authentication (Fig. 1)
Default Radius server setting in System Security.

Tryed Mobile and laptop access to WI-FI Network without success.
After username and password device prompt submit, authentication fails

AP log:

 

May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	info	hostapd[5640]	Station fc:18:3c:59:XX:XX had an authentication failure, reason 15	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX associated with BSSID e0:ac:f1:c5:YY:YY	 
May 17 2019 17:49:39	info	hostapd[5640]	Assoc request from fc:18:3c:59:XX:XX BSSID e0:ac:f1:c5:YY:YY SSID AP1-RADIUS-TEST	 
May 17 2019 17:49:39	err		hostapd[5640]	trying to deauthenticate to station fc:18:3c:59:XX:XX, but not authenticated	 
May 17 2019 17:49:39	err		hostapd[5640]	trying to update accounting statistics, station fc:18:3c:59:XX:XX not found	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX deauthed from BSSID e0:ac:f1:c5:YY:YY reason 3: STA is leaving IBSS or ESS

This is NPAS log:

"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,11,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,5,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,3,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,5,,22,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,

What are the correct settings for "Network Policies" and "Connection Request Policies" in NPS (Network Policy Server) ?
I'm NOT using any Server certificate. Certificate installation is mandatory for AP Wi-Fi Radius authentication?

Note: Radius NPAS server is currently perfectly working (AAA Server with Cisco ASA 5508-X as Client)

Thank you,
Simone.

1 REPLY 1

Re: WAP561 Access Point and external Radius Authentication (Windows Server NPAS)

Anyone can help, please?