• June 22, 2018, 04:17:02 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: RFS6000 and external Radius  (Read 1093 times)

0 Members and 1 Guest are viewing this topic.

Offline capsel22

  • Rookie
  • **
  • Posts: 2
RFS6000 and external Radius
« on: March 25, 2016, 06:57:49 AM »
Hi,

I am trying to set-up RFS6000 Wing 5.5 to use on-site Radius server for authentication. However this is futile so far.

I have created AAA and pointed it to our 2012r2 radius server, correct phrase and left proxy at none and PAP as auth (default).

On radius added the client and created network policy to allow everyone with any authentication method to limit the factors that can go wrong.

The WLAN is using the AAA / EAP / CCMP

Created manual WIFI to use Microsoft PEAP, un-ticked validate server cert and ticked to use user or computer as 802.1X auth.

However I am getting unable to connect

Tried following this guide:
/watch?v=3tAvNal8iio

But our issue is that we DONT want to use any certificate during the process. We dont have local CA and cannot issue user or webserver certificates. I dont mind having RFS' self-signed cert on the radius server, but we wouldnt be able to push it to clients due to various of devices.

I have made Radius work on another router (Asus), so I know the 2012R2 and it's policy is fine. I am guessing I am missing something in the config on RFS...

Hope you can assist, let me know what else you need.


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: RFS6000 and external Radius
« Reply #1 on: March 29, 2016, 12:20:41 AM »
Sounds like you are doing everything right. But there are so many things that can go wrong - client, RFS and NPS all have finicky configurations.

Have you verified that RFS6000 is actually sending requests to NPS?
You could run a packet capture on the controller and check that requests are going out and check if a response (any kind of response even negative) is coming back from NPS to the RFS.

Also, have you checked the logs on NPS? They are cryptic but you can google for the translation. But at least you can see if any request is being processed to start with.

Also, is your client device prompting for the credentials correctly?