Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
716
Views
0
Helpful
0
Replies

Prime Infrastructure AAA using MS RADIUS

David Cebula
Level 1
Level 1

‎08-01-2016 01:13 PM

Has anyone gotten Prime Infrastructure AAA to work with MS radius (NPS services) using EAP_TLS as the authentication type? What I mean is that I want to grant access to PI itself using AAA via Radius. 

I can get it work if I set PAP as the authentication type but if I try switch to EAP_TLS (PI and NPS) it fails. The NPS log just says it fails to match any policies. 

I am trying with PI 3.1.x. Documentation is very sparse:

"EAP_TLS—Extensible Authentication Protocol - Transport Layer Security is a secure protocol as it supports certificate-based mutual authentication. When EAP-TLS is selected as the authentication type, the generated key must be added to Cisco Prime Infrastructure keystore using ncs key importsignedcert admin CLI and the certificate chains must be present in RADIUS server. This does not require Cisco Prime Infrastructure services restart."

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents