Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

5508 WLC to Server2008 NPS Radius

I have setup the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. Can anyone tell me the required client setup to satisfy the MS NPS?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

5508 WLC to Server2008 NPS Radius

Ok, you only want to select the EAP type as PEAP.  The inner method can be MSCHAPv2.  So remove the EAP-MSCHAPv2 from the EAP type list and try the client again.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
8 REPLIES

5508 WLC to Server2008 NPS Radius

What type of EAP are you doing on the NPS?

On the client 'smartcard/other certificate' is EAP-TLS  Protected EAP is PEAP.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: 5508 WLC to Server2008 NPS Radius

I am not using EAP/TLS I do not have a CA server.

client is set to use:

Microsoft PEAP

secured password (EAP-MS-CHAPv2)

802.1x settings = user authentication only

Mike Fleck

Datanamics, Inc

cell 702-985-5420

Hall of Fame Super Silver

5508 WLC to Server2008 NPS Radius

Just to add to Steves comments.  You need a certificate on NPS to do PEAP.  Do you have one installed.

-Scott
*** Please rate helpful posts ***
New Member

5508 WLC to Server2008 NPS Radius

I checked with the server team and yes, the NPS does have a certificate.

5508 WLC to Server2008 NPS Radius

MIke,

     Can you screen shot the NPS rules and the client setup?

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

5508 WLC to Server2008 NPS Radius

NPS properties attached

5508 WLC to Server2008 NPS Radius

Ok, you only want to select the EAP type as PEAP.  The inner method can be MSCHAPv2.  So remove the EAP-MSCHAPv2 from the EAP type list and try the client again.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

5508 WLC to Server2008 NPS Radius

Thanks for that. I made that change, still had a problem. A friend told me he had issues with AES, so I changed it to TKIP and it worked the first time.

4077
Views
0
Helpful
8
Replies
CreatePlease to create content