locked
Cisco switches configuration with RADIUS/NPS w2k8 server not working RRS feed

  • Question

  • Hi,

    I have followed the following article in order to configure the an NPS w2k8r2 radius server with the a cisco switch in order to get a group of domain users to authenticate.

    http://www.experts-exchange.com/Networking/Network_Management/Network_Operations/A_8734-RADIUS-authentication-for-Cisco-switches-using-w2k8R2-NPS.html

    The authentication doesn't work I am getting the following error message:

          Reason Code:                  21
          Reason:                        An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

    This NPS server is being used by a Juniper SSL VPN already. We have 2 policies configured:

    1.) Cisco Device Admin - Configured as described in the article (this is the one we are using for the Cisco switches)
     
    2.) Connections to Microsoft Routing and Remote Access Server (this is the one configured for the Juniper SSL VPN) - Grant access / type unspecified, Conditions - member of the RADIUS group, Authentication Methods (MS-CHAPv2, MS-CHAP)

    Does anyone knows why the switches are not connecting to the RADIUS?

    Thank you!
    • Moved by Aiden_Cao Wednesday, October 31, 2012 6:13 AM more appropriate (From:General)
    Tuesday, October 30, 2012 3:00 PM

Answers

  • Hi,

    Thanks for your post.

    The guide you trying to follow is use NPS authentication for domain admin logins in Cisco Device instead of local account. In order to setup 802.1X wired authentication for domain user, please delete current policy for Cisco Switch on NPS server, and recreate it through the Secure Wired Connections wizard. Hope it helps.

    Create NPS Policies for 802.1X Wired by Using a Wizard

    http://technet.microsoft.com/en-us/library/dd283087(v=ws.10).aspx

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    • Proposed as answer by Aiden_Cao Monday, November 5, 2012 2:32 AM
    • Marked as answer by post Monday, November 5, 2012 1:49 PM
    Thursday, November 1, 2012 5:41 AM