Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
853
Views
0
Helpful
1
Replies

WAP561 Access Point and external Radius Authentication (Windows Server NPAS)

SimoneGerardoDiDomenico
Level 1
Level 1

‎05-17-2019 09:41 AM

WAP561 Access Point and external Radius Authentication (Windows Server NPAS)


Hi,

I've troubles on configuring Radius Authentication 

AP: Cisco WAP561
Radius Server: (Windows Server 2016 - NPAS)

I've configured an Access Point Network with Security (WPA Enterprise) setting RADIUS authentication (Fig. 1)
Default Radius server setting in System Security.

Tryed Mobile and laptop access to WI-FI Network without success.
After username and password device prompt submit, authentication fails

AP log:

 

May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	debug	hostapd[5640]	station: fc:18:3c:59:XX:XX deauthenticated	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS	 
May 17 2019 17:49:39	info	hostapd[5640]	Station fc:18:3c:59:XX:XX had an authentication failure, reason 15	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX associated with BSSID e0:ac:f1:c5:YY:YY	 
May 17 2019 17:49:39	info	hostapd[5640]	Assoc request from fc:18:3c:59:XX:XX BSSID e0:ac:f1:c5:YY:YY SSID AP1-RADIUS-TEST	 
May 17 2019 17:49:39	err		hostapd[5640]	trying to deauthenticate to station fc:18:3c:59:XX:XX, but not authenticated	 
May 17 2019 17:49:39	err		hostapd[5640]	trying to update accounting statistics, station fc:18:3c:59:XX:XX not found	 
May 17 2019 17:49:39	info	hostapd[5640]	STA fc:18:3c:59:XX:XX deauthed from BSSID e0:ac:f1:c5:YY:YY reason 3: STA is leaving IBSS or ESS

This is NPAS log:

"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,11,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,5,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,3,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,5,,22,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,

What are the correct settings for "Network Policies" and "Connection Request Policies" in NPS (Network Policy Server) ?
I'm NOT using any Server certificate. Certificate installation is mandatory for AP Wi-Fi Radius authentication?

Note: Radius NPAS server is currently perfectly working (AAA Server with Cisco ASA 5508-X as Client)

Thank you,
Simone.

Preview file
45 KB
0 Helpful
1 Reply 1

SimoneGerardoDiDomenico
Level 1
Level 1

‎06-05-2019 06:48 AM

Anyone can help, please?
0 Helpful
Customers Also Viewed These Support Documents