Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring Radius on catalyst 3850 GUI


I am currently trying to configure Radius server on the Catalyst 3850, Ive configured Radius authentication with Windows NPS server and certificates on many occasions on WLC 2500 etc. using GUI. This is my first time using 3850 and the GUI here is somewhat different and I cannot figure out what I am doing wrong. NPS server and Certificate Server is up and want to authenticate using EAP-TLS. It seems my problem is the controller configuration, when i try to authenticate with the SSID it says "cannot connect" and when i check under Monitor -> Radius authentication stats i see no packets at all. So as far as i can see this is a controller config problem. On for example WLC 2500, you create the link to the Radius server and then you point to it in the wlan ssid, nothing more. Here there seems to be some more steps and I think i am missing something, but what is it?








Everyone's tags (5)
Cisco Employee

Configuring Radius on catalyst 3850 GUI

Could you please verify the WLC config from the below listed link for setting up WLC for PEAP MSCHAPv2

Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Configuring Radius on catalyst 3850 GUI

Hi, thanks for answer. The link you posted is how i would configure it on a regular WLC, and is how I am trying to configure the 3850, however I am not able to do this as you can see in my printscreens the GUI here is quite different. Its like the controller dont recognize that i have registered an radius server under mye AAA settings on the SSID.

By the way ignore printscreen 3 where I have checked local EAP authentication, I just did this to test. im running version 3.2.2 and the switch type is 3850- 48PW-S

New Member

Configuring Radius on catalyst 3850 GUI


You may have missed off a crucial step.

If you go to the Security Page - Method Lists - General you will find a setting called 'dot1x system auth control'.

Make sure this is ticked otherwise the 3850 doesn't send any Radius requests.

You can see if Radius is working by using the 'show aaa servers' command from the CLI.

It will show you if the Radius Server is up and you can see how many requests have been sent, successes and failures.

Hope this helps.



CreatePlease login to create content