Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Controller OS 8.4 integrate with NPS ( 2012 R2 )

This thread has been viewed 4 times

  • 1.  Controller OS 8.4 integrate with NPS ( 2012 R2 )

    Posted Oct 01, 2020 05:00 AM

    Dear all friends and experts.,

    We have 03 controller : 02 controller OS 6.4 and 01 controller OS 8.4

     

    02 controller OS 6.4 can works with NPS, but OS 8.1 does not work, I have try many times  :(. I dont know why the controller sent to NPS with NAS Port-Type: Async attribute .?

    Logs on NPS : 

    User:
    Security ID: NULL SID
    Account Name: xxx
    Account Domain: -
    Fully Qualified Account Name: -

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 204C033C96A4
    Calling Station Identifier: 0.0.0.0

    NAS:
    NAS IPv4 Address: 172.16.2.5
    NAS IPv6 Address: -
    NAS Identifier: -

    NAS Port: 0

    RADIUS Client:
    Client Friendly Name: Ctrll-01
    Client IP Address: 172.16.2.5

    Authentication Details:
    Connection Request Policy Name: -
    Network Policy Name: -
    Authentication Provider: -
    Authentication Server: XXXX
    Authentication Type: -
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 49
    Reason: The RADIUS request did not match any configured connection request policy (CRP).

     

    Please help me to resolve this issue, thank you so much



  • 2.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    MVP EXPERT
    Posted Oct 01, 2020 07:21 AM

    What does your AAA configuration look like on the Controller? Is the NAS IPv4 Address correctly set on both sides? If you run the AAA Test Server command, do you see an Authentication Failed (suggesting configuration between NPS + AOS is correct but it is an policy issue...) or a Server Timeout (suggesting your have a configuration mismatch between NPS + AOS).

     

    https://www.arubanetworks.com/techdocs/ArubaOS_6_5_3_X_Web_Help/Content/ArubaFrameStyles/1CommandList/aaa_test_server.htm



  • 3.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    Posted Oct 01, 2020 09:26 AM

    Yes,

     - Pre-share key are same at both end

    - Run AAA test 

    (Controller) *[mynode] #aaa test-server mschapv2 NPS-01 user1 password1

    Authentication failed

    - We have configured policy for user 1. We can test successfully on other controllers ( running 6.5 AOS ).

    - 6.5 AOS controller sent to the NPS attribute :  NAS port type: Wireless -IEEE 802.11

    - 8.4 AOS controller sent the NPS attribute : NAS port type : Async (modem ).

     

    Do you have any ideas. Thank you so much .



  • 4.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    EMPLOYEE
    Posted Oct 01, 2020 09:37 AM

    For the AAA test in 8.4, the nas-port-type is set to Async, since there is no real user.  A real 802.1x authentication will set it to the correct nas-port-type.

     

    EDIT:  This is a bug that is fixed in a later version of ArubaOS.



  • 5.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    Posted Oct 01, 2020 09:45 AM

    Thank you Cjoseph

     

     

    Thank you so much.

     

    Lee



  • 6.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    EMPLOYEE
    Posted Oct 01, 2020 09:52 AM

    I am well.  I hope you and your family are doing good, too.

     

    The answer is YES.  The wrong nas-port-type is a bug in the AAA test.



  • 7.  RE: Controller OS 8.4 integrate with NPS ( 2012 R2 )

    Posted Oct 01, 2020 09:57 AM

    Thank you so much, I will try and feedback to you the result.