cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1448
Views
0
Helpful
7
Replies

802.1x supplicant on WAP4410N

piotr.chrusciel
Level 1
Level 1

Hi Everyone.

I want to setup 802.1x authentication on a Catalyst 2960 port where a WAP4410N Small Bussiness Access Point is connected. All other clients (windows 7 workstations) which are connected to that switch are successfully authenticated - PEAP is used as a authentication method. Microsoft NPS acts as a RADIUS.

I created login and password in a Domain for that AP and configured it accordingly on WAP4410N options.

When I enabled dot1x on that port the authentication was rejected, I got following info on the RADIUS:

Authentication Details:

    Connection Request Policy Name:    Use Windows authentication for all users

    Network Policy Name:        802.1x

    Authentication Provider:        Windows

    Authentication Server:        HOST1

    Authentication Type:        EAP

    EAP Type:            -

    Account Session Identifier:        -

    Logging Results:            Accounting information was written to the local log file.

    Reason Code:            22

    Reason:                The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

Do anyone know what could be wrong? I enabled less secure authentication methods on a RADIUS but with no effect.

Regads,

7 Replies 7

Amjad Abdullah
VIP Alumni
VIP Alumni

Hi Piotr,

I think the supported EAP type by that AP is PAP or CHAP. Have you tested with those methods enabled on your server?

What about authentication using the MAC address rather than username/password/ does it work?

If the above did not solve your problem kindly move your thread to Small Businee -> Wireless forums. They'll probably help you better (you can do that from the right pane).

You are welcome to come to ask in this forum if guys in small business forum provided the needed information about what EAP type is being used by the AP.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

MAC auth. bypass is not working as well - I got the same error on the RADIUS. At the moment I have checked on the RADIUS all authentication methods in a policy, I tried also with two EAP method, PEAP i EAP-MS-CHAPv2.

Firsty I tried PEAP and all auth. methods, and second trial - EAP-MS-CHAPv2 and all auth. methods. All with the same result - auth. rejected with log

"The client could not be authenticated  because the Extensible  Authentication Protocol (EAP) Type cannot be processed by the server."

What is wrong? Any ideas?

Piotr: can you please try to collect some packet capture on the port to which the access point is connected? That should tell us what EAP-Method is being used.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

I could take some time as the network devices are located in a branch office. Could these small business APs use EAP-FAST, instead of EAP-MSCHAPv2 or PEAP.

I have found such link

http://www.cisco.com/en/US/tech/tk722/tk720/technologies_configuration_example09186a00809fbd21.shtml

- it is related to Aironet obviously, but possibly the method is similar...?

Regards

Amjad, I found also following post, there is your answer but related to Aironet:

Probably it could work with ACS...

https://supportforums.cisco.com/thread/2162744

That could be related but it is not a must. It should be documented somewhere what EAP type the 4410N access point use when it acts as dot1x supplicant. However, I could not find any.

You tested with MAB and it did not work? What was the error on NPS when you use the MAB (MAC Auth Bypass)?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Using MAB i got the same error.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: