01-10-2021 09:05 PM - edited 07-05-2021 12:59 PM
I'm trying to connect a Cisco WLC to a Windows NPS server as a RADIUS client because I would like to get wireless dot1x authentication. But this task is not completed because, while I am connecting to the SSID, the Cisco WLC did not get a response from the RADIUS NPS server. The Cisco WLC and the Windows NPS server are in different subnets, and there is no security control between these subnets. It shows the following error message.
From WLC,
(Cisco Controller) >test aaa show radius
Radius Test Request
Wlan-id........................................ 4
ApGroup Name................................... Tech1
Server Index................................... 1
Radius Test Response
Radius Server Retry Status
------------- ----- ------
Authentication Response:
Result Code: No response received from server
No AVPs in Response
From Windows Server 2012 side,
A RADIUS message was received from the invalid RADIUS client IP address 172.30.3.xxx.
01-10-2021 09:50 PM
Have you added the WLC to the list of RADIUS Clients in NPS?
Verify that the shared keys are also the same. If you open Windows Event Viewer and go to Windows Logs > Security and filter the current log to just the Task category of Network Policy Server, you'll be able to get all the details of what's happening between the RADIUS server and the WLC.
01-11-2021 12:30 AM
I've added the WLC to the list of NPS RADIUS clients and have also checked the shared secret key again and again. But the error is still happening. Could you please give me advice on how to solve this problem?
(Cisco Controller) >test aaa radius username user10 password admin123!@# wlan-id 4 apgroup Tech1 server-index 1
Radius Test Request
Wlan-id........................................ 4
ApGroup Name................................... Tech1
Attributes Values
---------- ------
User-Name user10
Called-Station-Id 192.168.134.2
Calling-Station-Id 00-11-22-33-44-55
Nas-Port 0x00000008 (8)
Nas-Ip-Address 192.168.134.2
NAS-Identifier Cisco
Airespace / WLAN-Identifier 0x00000004 (4)
User-Password admin123!@#
Service-Type 0x00000008 (8)
Framed-MTU 0x00000514 (1300)
Nas-Port-Type 0x00000013 (19)
Tunnel-Type 0x0000000d (13)
Tunnel-Medium-Type 0x00000006 (6)
Tunnel-Group-Id 0x0000008b (139)
Cisco / Audit-Session-Id c0a88602000002885ffc0b1c
--More-- or (q)uit
Acct-Session-Id 5ffc0b1c/00:11:22:33:44:55/760
(Cisco Controller) >test aaa show radius
Radius Test Request
Wlan-id........................................ 4
ApGroup Name................................... Tech1
Server Index................................... 1
Radius Test Response
Radius Server Retry Status
------------- ----- ------
Authentication Response:
Result Code: No response received from server
No AVPs in Response
01-11-2021 07:30 AM
What does the security log (in Event Viewer) show on the NPS server in that instance?
Depending on security settings, the test command might not work on the CLI. It's easier if you configure a test SSID with the radius server in question and then use a real user to authenticate.
01-11-2021 08:26 AM
1st, make sure you are not seeing this error: A RADIUS message was received from the invalid RADIUS client IP address 172.30.3.xxx.
That means that the radius and the controller are communicating via radius. Then take a look at some guides or blogs on configuration of WLC with NPS, which should help make sure you are setting everything up properly. You can also search for the key words you see like "No AVP's in Response" and should find more info on that:
So once the radius and controllers are communicating, then you need to define the controller radius, controller SSID and the radius policies properly.
Is this a new setup?
01-11-2021 08:40 AM
Yes new setup.
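Added example, not part of the thread and not Cisco or Microsoft code: a RADIUS server selects the client entry and shared secret by the packet's source address (RFC 2865), not by the NAS-IP-Address attribute. This script compares the address in the NPS "invalid RADIUS client" event text with the configured client list and the controller's NAS-IP-Address. The function names, the client list (including the assumption that entries may be CIDR ranges) and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Text NPS logs when a packet's source address matches no configured RADIUS client.
INVALID_CLIENT = re.compile(r"invalid RADIUS client IP address (\d{1,3}(?:\.\d{1,3}){3})")

def match_client(addr, clients):
    """Return the name of the client entry covering addr, or None.
    clients maps friendly name -> address or CIDR range (ranges are an assumption)."""
    ip = ipaddress.ip_address(addr)
    for name, entry in clients.items():
        if ip in ipaddress.ip_network(entry, strict=False):
            return name
    return None

def triage(event_messages, clients, nas_ip):
    """Explain each rejected source address found in the event text.
    nas_ip is the NAS-IP-Address attribute the controller reports about itself."""
    findings = {}
    for msg in event_messages:
        m = INVALID_CLIENT.search(msg)
        if not m:
            continue  # unrelated event
        src = m.group(1)
        covered_by = match_client(src, clients)
        if covered_by:
            findings[src] = "covered by client entry %s" % covered_by
        elif src != nas_ip and match_client(nas_ip, clients):
            # The entry was keyed on the attribute, but the packet arrives
            # from a different address (other interface, NAT, routing).
            findings[src] = ("client entry matches NAS-IP-Address %s, but the server "
                             "selects the client by packet source address" % nas_ip)
        else:
            findings[src] = "no client entry covers this source address"
    return findings

# Constructed sample data (RFC 5737 documentation addresses, not values from the thread).
SAMPLE_EVENTS = [
    "A RADIUS message was received from the invalid RADIUS client IP address 198.51.100.7.",
    "Network Policy Server granted access to a user.",
    "A RADIUS message was received from the invalid RADIUS client IP address 203.0.113.9.",
]
SAMPLE_CLIENTS = {"WLC-by-NAS-IP": "192.0.2.2"}

if __name__ == "__main__":
    for src, why in triage(SAMPLE_EVENTS, SAMPLE_CLIENTS, nas_ip="192.0.2.2").items():
        print(src, "->", why)
```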