Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4585
Views
0
Helpful
8
Replies

5508 WLC to Server2008 NPS Radius

Go to solution
choclateer
Level 1
Level 1

‎01-17-2012 12:00 PM - edited ‎07-03-2021 09:23 PM

I have setup the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. Can anyone tell me the required client setup to satisfy the MS NPS?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to choclateer

‎01-17-2012 04:45 PM

Ok, you only want to select the EAP type as PEAP.  The inner method can be MSCHAPv2.  So remove the EAP-MSCHAPv2 from the EAP type list and try the client again.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎01-17-2012 12:02 PM

What type of EAP are you doing on the NPS?

On the client 'smartcard/other certificate' is EAP-TLS  Protected EAP is PEAP.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
choclateer
Level 1
Level 1
In response to Stephen Rodriguez

‎01-17-2012 12:18 PM

I am not using EAP/TLS I do not have a CA server.

client is set to use:

Microsoft PEAP

secured password (EAP-MS-CHAPv2)

802.1x settings = user authentication only

Mike Fleck

Datanamics, Inc

cell 702-985-5420

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to choclateer

‎01-17-2012 12:39 PM

Just to add to Steves comments.  You need a certificate on NPS to do PEAP.  Do you have one installed.

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
choclateer
Level 1
Level 1
In response to Scott Fella

‎01-17-2012 04:16 PM

I checked with the server team and yes, the NPS does have a certificate.

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to choclateer

‎01-17-2012 04:18 PM

MIke,

     Can you screen shot the NPS rules and the client setup?

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
choclateer
Level 1
Level 1
In response to Stephen Rodriguez

‎01-17-2012 04:41 PM

NPS properties attached

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to choclateer

‎01-17-2012 04:45 PM

Ok, you only want to select the EAP type as PEAP.  The inner method can be MSCHAPv2.  So remove the EAP-MSCHAPv2 from the EAP type list and try the client again.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
choclateer
Level 1
Level 1
In response to Stephen Rodriguez

‎01-19-2012 09:33 PM

Thanks for that. I made that change, still had a problem. A friend told me he had issues with AES, so I changed it to TKIP and it worked the first time.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card