1637 Views, 20 Helpful, 7 Replies

Microsoft NPS/RADIUS authentication for WLC management access

Really struggling here and managed to lock myself out of my WLC. I have set up the RADIUS device IP and network policy using service type as administrative. NPS works for accessing my switches and routers, so I know it's working. I moved RADIUS to the top in the WLC above LOCAL so it will use RADIUS auth, but now nothing works, not even local admin, which means it's talking to the RADIUS server, just not configured right for a policy. Where do I go next?


Haydn Andrews
VIP Alumni

What model WLC?

In order to get back in with local auth, remove the WLC as a NAD from the RADIUS server and it should fail back to local auth.

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

c_s1
Level 1

Did you get this taken care of, or are you still needing help?

Scott Fella
Hall of Fame

Policies are different because of the GUI. So the conditions you use for a switch and router will only work for SSH on the controller. You need to define a few attributes for AireOS. Take a look at this guide.

Management Access for AireOS WLC through Microsoft NPS - Cisco

-Scott
*** Please rate helpful posts ***

This did not work. 

I don't have any more recommendations. I used NPS back in the day and moved to Cisco ISE for TACACS. Your only option is to search other guides and blogs to see how folks have integrated AireOS WLCs with MS NPS.

Your RADIUS logs will point you to where it's failing and then you can search that up. You should have a separate policy for your wired vs. your wireless due to the attributes you need for AireOS.

-Scott
*** Please rate helpful posts ***

c_s1
Level 1

Get TAC on the phone.

JPavonM
VIP

@Scott Fella's guide is what needs to be done.

I have both AireOS and C9800 using NPS for admin access using RADIUS and it works fine, so yours might be a problem (the only steps I've not configured in my NPS profile are marking the "NAS Identifier" condition, as we are using NPS for all network devices so left that on the default "Use windows Authentication for all users", and using the "NAS-Prompt" for read-only access).
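
One way to check which Service-Type the NPS policy actually returns to the WLC, as an added example that is not part of the thread: a small RADIUS reply decoder following the RFC 2865 packet layout, run over constructed sample packets. The function names and the sample packets are assumptions made for illustration; in practice the bytes would come from a packet capture of the reply.

```python
import struct

# RFC 2865 packet codes and Service-Type (attribute 6) values
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt", 8: "Authenticate-Only"}
SERVICE_TYPE = 6


def parse_radius(packet: bytes) -> dict:
    """Decode the RADIUS header and return attributes as {type: [raw values]}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured data")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "attrs": attrs}


def service_type(reply: dict):
    """Return the Service-Type name the server sent, or None if absent."""
    values = reply["attrs"].get(SERVICE_TYPE)
    if not values or len(values[0]) != 4:
        return None
    num = struct.unpack("!I", values[0])[0]
    return SERVICE_TYPES.get(num, f"unknown({num})")


def build_reply(code: int, attrs: list) -> bytes:
    """Constructed sample packet: zeroed authenticator, not a real capture."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


ADMIN_ACCEPT = build_reply(2, [(SERVICE_TYPE, struct.pack("!I", 6))])
PROMPT_ACCEPT = build_reply(2, [(SERVICE_TYPE, struct.pack("!I", 7))])
BARE_ACCEPT = build_reply(2, [(18, b"ok")])  # Reply-Message only, no Service-Type
REJECT = build_reply(3, [])

if __name__ == "__main__":
    for pkt in (ADMIN_ACCEPT, PROMPT_ACCEPT, BARE_ACCEPT, REJECT):
        print(parse_radius(pkt)["code"], service_type(parse_radius(pkt)))
```

An Access-Accept that carries no Service-Type, or an Access-Reject, indicates that the request matched a different NPS policy than the one intended for the controller.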
