need configuration assistance with NPS (RADIUS)+cisco AP

  • Question

  • hello!

    I have configured Cisco AP:

    aaa group server radius radius1
     server 10.0.0.2 auth-port 1812 acct-port 1813

    aaa authentication login eap1 group radius1 local

    dot11 ssid cisco1
       vlan 1
       authentication open eap eap1
       authentication network-eap eap1
       guest-mode

    connectivity check

    ap#test aaa group radius grzegorzn Niecaxx legacy
    Attempting authentication test to server-group radius using radius
    User was successfully authenticated.

    log from NPS

    Network Policy Server granted full access to a user because the host met the defined health policy.

    User:
        Security ID:            CT\grzegorzn
        Account Name:            grzegorzn
        Account Domain:            CT
        Fully Qualified Account Name:    ct.corp/Computec/Users/Grzegorz Niecka

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        -
        Calling Station Identifier:        -

    NAS:
        NAS IPv4 Address:        192.168.10.2
        NAS IPv6 Address:        -
        NAS Identifier:            ap
        NAS Port-Type:            Async
        NAS Port:            -

    RADIUS Client:
        Client Friendly Name:        892w
        Client IP Address:            10.0.0.128

    Authentication Details:
        Connection Request Policy Name:    Allow_all
        Network Policy Name:        All_Standard_Access
        Authentication Provider:        Windows
        Authentication Server:        dc01.ct.corp
        Authentication Type:        PAP
        EAP Type:            -
        Account Session Identifier:        -

    Quarantine Information:
        Result:                Full Access
        Extended-Result:            -
        Session Identifier:            -
        Help URL:            -
        System Health Validator Result(s):    -

     

    this Network Policy Name:        All_Standard_Access works fine for VPN clients

    I want to enable similar user authorization for wireless.

    I have created new policy on NPS (using wizard) but when client tries to connect using this AP there aren't any hits in this policy... and of course client can't connect.

    should I have to configure wireless network settings?

     

    Monday, March 22, 2010 2:01 PM

Answers

  • Hi,

    If you aren't getting hits to the policy, look at conditions. I believe there is a default condition that I've seen can cause a problem with some of the newer Cisco equipment.

    NAS Port Type = Ethernet

    Remove this condition and try to see if you get a match on the policy.

    Edit: As a matter of fact, you have exactly the NAS Port-Type that causes this to not match. Yours is Async, not Ethernet. I'm about 99% sure this is your problem.

    -Greg

    Tuesday, April 6, 2010 1:10 AM
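The check described in the answer, as an added example that is not part of the original thread: parse an NPS event like the one in the question and compare its NAS Port-Type with the values a network policy condition accepts. The sample event is a shortened, constructed copy of the log above; the function names are hypothetical, and the `Ethernet` condition value is an assumption taken from the answer.

```python
import re

# Constructed sample: shortened copy of the NPS event text posted in the question.
SAMPLE_EVENT = """\
Network Policy Server granted full access to a user because the host met the defined health policy.

NAS:
    NAS IPv4 Address:        192.168.10.2
    NAS Identifier:            ap
    NAS Port-Type:            Async
    NAS Port:            -

RADIUS Client:
    Client Friendly Name:        892w

Authentication Details:
    Connection Request Policy Name:    Allow_all
    Network Policy Name:        All_Standard_Access
    Authentication Type:        PAP
    EAP Type:            -
"""

def parse_nps_event(text):
    """Return {section: {field: value}}; a logged '-' (no value) becomes None."""
    event, section = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue  # blank line or the free-text summary sentence
        indent, key, value = m.group(1), m.group(2).strip(), m.group(3).strip()
        if not indent and not value:
            section = event.setdefault(key, {})      # unindented "NAS:" style header
        elif section is not None:
            section[key] = None if value == "-" else value
    return event

def policy_condition_check(event, allowed_port_types):
    """Report whether the request's NAS Port-Type satisfies a policy condition."""
    details = event.get("Authentication Details", {})
    port_type = event.get("NAS", {}).get("NAS Port-Type")
    allowed = {p.lower() for p in allowed_port_types}
    return {
        "nas_port_type": port_type,
        "auth_type": details.get("Authentication Type"),
        "matched_policy": details.get("Network Policy Name"),
        "condition_met": port_type is not None and port_type.lower() in allowed,
    }

if __name__ == "__main__":
    # Assumed condition from the answer: NAS Port Type = Ethernet
    print(policy_condition_check(parse_nps_event(SAMPLE_EVENT), ["Ethernet"]))
```

Run against the event text of a request that landed on the wrong policy, this shows which NAS Port-Type the RADIUS client actually sent, so the condition on the new policy can be compared with it.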