05-17-2019 09:41 AM
WAP561 Access Point and external Radius Authentication (Windows Server NPAS)
Hi,
I've troubles on configuring Radius Authentication
AP: Cisco WAP561
Radius Server: (Windows Server 2016 - NPAS)
I've configured an Access Point Network with Security (WPA Enterprise) setting RADIUS authentication (Fig. 1)
Default Radius server setting in System Security.
Tryed Mobile and laptop access to WI-FI Network without success.
After username and password device prompt submit, authentication fails
AP log:
May 17 2019 17:49:39 debug hostapd[5640] station: fc:18:3c:59:XX:XX deauthenticated May 17 2019 17:49:39 info hostapd[5640] STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS May 17 2019 17:49:39 debug hostapd[5640] station: fc:18:3c:59:XX:XX deauthenticated May 17 2019 17:49:39 info hostapd[5640] STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS May 17 2019 17:49:39 debug hostapd[5640] station: fc:18:3c:59:XX:XX deauthenticated May 17 2019 17:49:39 info hostapd[5640] STA fc:18:3c:59:XX:XX disassociated from BSSID e0:ac:f1:c5:YY:YY reason 8: Sending STA is leaving BSS May 17 2019 17:49:39 info hostapd[5640] Station fc:18:3c:59:XX:XX had an authentication failure, reason 15 May 17 2019 17:49:39 info hostapd[5640] STA fc:18:3c:59:XX:XX associated with BSSID e0:ac:f1:c5:YY:YY May 17 2019 17:49:39 info hostapd[5640] Assoc request from fc:18:3c:59:XX:XX BSSID e0:ac:f1:c5:YY:YY SSID AP1-RADIUS-TEST May 17 2019 17:49:39 err hostapd[5640] trying to deauthenticate to station fc:18:3c:59:XX:XX, but not authenticated May 17 2019 17:49:39 err hostapd[5640] trying to update accounting statistics, station fc:18:3c:59:XX:XX not found May 17 2019 17:49:39 info hostapd[5640] STA fc:18:3c:59:XX:XX deauthed from BSSID e0:ac:f1:c5:YY:YY reason 3: STA is leaving IBSS or ESS
This is NPAS log:
"SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,, "SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,11,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 1",60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,, "SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,1,"myusername","MYDOMAIN\myusername","E0-AC-F1-C5-YY-YY:AP1-RADIUS-TEST","FC-18-3C-59-XX-XX",,,,"192.168.AA.AA",0,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,19,"CONNECT 0Mbps 802.11g",,,5,,0,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,, "SRV-0114-XXXXXX","IAS",05/17/2019,17:50:09,3,,"MYDOMAIN\myusername",,,,,,,,9,"192.168.AA.AA","CISCO-WAP561-AP1",,,,,,,5,,22,"311 1 192.168.BB.BB 05/17/2019 15:44:58 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Connessioni wireless sicure",1,,,,
What are the correct settings for "Network Policies" and "Connection Request Policies" in NPS (Network Policy Server) ?
I'm NOT using any Server certificate. Certificate installation is mandatory for AP Wi-Fi Radius authentication?
Note: Radius NPAS server is currently perfectly working (AAA Server with Cisco ASA 5508-X as Client)
Thank you,
Simone.
06-05-2019 06:48 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide