To get some visibility into the RADIUS exchange, you could configure logging on NPS. In the log is the name of the network policy which was ultimately used to evaluate the request. If it selects 'Connections to other access servers' (the lowest-priority policy that functions as a 'default deny'), then you'll know that for some reason the Conditions on *your* network policy are too specific to be matched.
Sx550X, Sx350X, Sx250: PSE will Supply Power to Catalyst PSE Ports
May 31, 2016
June 5, 2017
Configure Remote Network Monitoring (RMON) Events Control Settings on a Switch through the Command Line Interface (CLI)
Remote Network Monitoring (RMON) was developed by the Internet Engineering Task Force (IETF) to support...