Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
4
Replies

AD Auth SSID on C9800

ToddLewis13460
Level 1
Level 1

‎01-27-2021 07:24 AM - edited ‎07-05-2021 01:05 PM

I am looking to configure an AD authenticated SSID on a C9800 WLC.  In the past I have been able to successfully do this from the 5500 series controllers to a Windows NPS server.  However when I try and configure the C9800 with a Windows NPS server I get an error on the server that says that it cannot process this type of EAP request.  Can I set this up this way or does the C9800 only authenticate to the ISE product?

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎01-27-2021 09:56 AM

 

  - What's the software version on the 9800 and or use the most recent release to verify this issue.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

ToddLewis13460
Level 1
Level 1
In response to marce1000

‎01-27-2021 01:57 PM

software version is 16.12.03.

0 Helpful

Rasika Nayanajith
VIP
VIP

‎01-27-2021 02:40 PM

9800 should support any RADIUS server, not limited to ISE. You require to configure the same shared secret on 9800 and NPS.

Hope you follow the configuration guideline for 9800 given below

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.html 

 

As long as you configure NPS for basic client auth/authorization policy it should work. Below post may give some idea how you should configure NPS

http://wifinigel.blogspot.com/2014/03/the-microsoft-network-policy-server-nps.html 

 

HTH

Rasika

 

0 Helpful

Rich R
VIP
VIP
In response to Rasika Nayanajith

‎01-28-2021 08:23 AM

Try with 17.4.1 like marce100 suggested.  Features and fixes having been coming thick and fast in the 9800 code.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card