• September 19, 2020, 02:27:28 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: 802.1x AP4000 with NPS  (Read 3187 times)

0 Members and 1 Guest are viewing this topic.

Offline gustavct

  • Rookie
  • **
  • Posts: 3
802.1x AP4000 with NPS
« on: October 07, 2015, 01:31:37 PM »
I'm trying to set a SSID with 802.1x. I'm using AP4532 version 5.5.5.0-018R.
This is the wlan config:

!
aaa-policy TEST
 authentication server 1 host 10.61.60.11 secret 0 PASSWORD
 authentication server 1 proxy-mode through-controller
 authentication protocol mschapv2
!
wlan wlan3
 ssid TESTE
 vlan 3010
 bridging-mode local
 encryption-type ccmp
 authentication-type eap
 use aaa-policy TEST

This is the NPS on Windows Server 2012 config:

Network Policies > Authentication Method > EAP-MSCHAP v2
Settings > RADIUS Attributes > No Standard or Vendor Specific

I'm getting the following error code:

ReasonCode 22

Reason
The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: 802.1x AP4000 with NPS
« Reply #1 on: October 07, 2015, 08:10:39 PM »
Take out the line
 authentication protocol mschapv2
You don't need that.

Offline gustavct

  • Rookie
  • **
  • Posts: 3
Re: 802.1x AP4000 with NPS
« Reply #2 on: October 08, 2015, 12:52:28 AM »
Already tried that too.

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: 802.1x AP4000 with NPS
« Reply #3 on: October 08, 2015, 01:44:18 AM »
Error message implies that the issue is on the server side.

Offline noobie

  • Full Member
  • ***
  • Posts: 92
Re: 802.1x AP4000 with NPS
« Reply #4 on: October 08, 2015, 09:05:37 AM »
on the NPS you are NOT configuring EAP authentication, but just MSCHAPv2. Thats not EAP

On the NPS side you should have this authentication method:
Microsoft: Protected EAP (PEAP)
once you go into that you can choose your RADIUS server certificate and specify that inner protocol is Secured Password (MSCHAPv2).

PEAP here will first establish a secure tunnel using server cert and then authentication takes place inside the encrypted tunnel via MSCHAPv2.

Once you will change this it will work

Offline gustavct

  • Rookie
  • **
  • Posts: 3
Re: 802.1x AP4000 with NPS
« Reply #5 on: October 19, 2015, 03:13:41 PM »
Hi guys,

Wanna share my experience. Managed to do following this guide: youtube /watch?v=-Vy4uzb2Wmg