Solved: Re: Radius on C9800 issues

Hashen · ‎03-11-2024

We configured our C9800 with a Dot1x SSID.

when clients enter access to connect, we have the following message

Mar 7 14:11:37.180: %DOT1X-5-FAIL: Chassis 1 R0/0: wncd: Authentication failed for client (f446.3742.4aa0) with reason (Cred Fail) on Interface capwap_900002bf AuditSessionID FA28A8C00002E733193D09C3 Username: Radiustest1

whereas when we do the test from the C9800 the authentication is ok

balaji.bandi · ‎03-12-2024

So this was never worked before ?

is this first time installation ? what source for the user authentication ?

https://howiwifi.com/2020/07/21/cisco-9800-802-1x-eap-user-authentication-with-windows-radius-nps/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

marce1000 · ‎03-11-2024

- Check the radius server's logs for the particular authentication (the one failing),

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎03-11-2024

what is the code onthe Cat 9800 running ?

what Radius you have ?

what client you testing ?

is the client has certs and user authentication ?

if the Windows check below thread :

https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting

also verify the config WLC 9800 :

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hashen · ‎03-12-2024

@balaji.bandi , Below is my feedback

what is the code onthe Cat 9800 running ? -----------17.3.4c

what Radius you have ?----------- NPS (Windows)

what client you testing ? (MS Windows, IOS, Android)

is the client has certs and user authentication ? no certificate

I remind you that the test done from the cli controller mentions that the client is authenticated.

but from a wifi client it doesn't work

marce1000 · ‎03-12-2024

>...but from a wifi client it doesn't work
- Check the radius server's logs for the particular authentication from the wifi client

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎03-12-2024

So this was never worked before ?

is this first time installation ? what source for the user authentication ?

https://howiwifi.com/2020/07/21/cisco-9800-802-1x-eap-user-authentication-with-windows-radius-nps/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hashen · ‎03-13-2024

Yes this is the first installation and it never worked.

The source is the active directory

Yes this is the first installation and it never worked.

The source is the active directory

I check with the document in your link.

If you have anything else to do on the C9800, please share it with me.

THANKS

marce1000 · ‎03-14-2024

>...If you have anything else to do on the C9800, please share it with me.
- Not on the C9800 but on the radius server(s) : Check the logs for the particular authentication from the wifi client

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hashen · ‎03-20-2024

Thanks also to you @marce1000 , capturing the logs guided me.

Gratitude

Hashen · ‎03-20-2024

Thank you @balaji.bandi it was more at the NPS level the problem.... and your document helped me a lot.

Gratitude