
Authenticating switch outside of wirecloset using NPS (dot1x pae supplicant)

Peter Elbertse
Level 1

Hi,

We have purchased a few 2960CPD-8TT-L's which we want to connect to our other 2960 24 and 48-port switches.

We have implemented 802.1x for wireless and wired clients. Our last step is to replace a few remaining desktop switches.

We do not have ISE and use Windows Network Policy Server (NPS) to authenticate clients using RADIUS. This all works well for clients using PEAP+Secure Password using EAP-MSCHAP v2 (for username-based authentication) and "Smart Card or other certificate" for computer-based authentication.

To authenticate the 2960CPD-8TT-L's we have set them up as supplicants:

dot1x system-auth-control
dot1x credentials <my-name>
 username <my username>
 password <my password>
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 dot1x pae supplicant
 dot1x credentials <my-name>
!

I have tried to use an EAP profile (tried mschapv2 and using pki-trustpoint) but without luck.
The Windows NPS shows us the message "Network Policy Server discarded the request for a user." with the following reason "An internal error occurred. Check the system event log for additional information." (which isn't very helpful).

Now I'm not sure if it's required, but I don't really understand how to load our CA Root certificate in the c2960. What I tried:

crypto pki trustpoint <CA-Name>
 revocation-check none
 certificate chain flash:/root.cer
!
!
crypto pki certificate chain <CA-Name>

I'm curious if anyone has been able to get this to work and would be able to point out to me what to do.

Any suggestions are very much appreciated.

Kind regards,
Peter

 
