Wireless Access

Reply
Contributor I

IAP How to configure 802.1x with NPS radius server ?

Dear all,

    I am trying to configure 802.1x on iap with NPS server . But I can not connect to  SSID.

   Here is my IAP conf :

QQ截图20181102160308.png

1.png2.png3.png

 

Radius is a Windows server 2012:

My IAP's IP address is 10.80.21.58

4.png5.png6.png7.png8.png

I can not connect to SSID.But I change the Authentication server from radius to Internal server,then it works.

10.png

I think the problem should be NPS server

 

Anyone has any suggestion?

Guru Elite

Re: IAP How to configure 802.1x with NPS radius server ?

You should try to connect to the SSID with a smartphone first, because the supplicant is more forgiving.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Re: IAP How to configure 802.1x with NPS radius server ?

Sadly, I can only guess your NPs configuration based on your language settings;-)

 

Unfortunately, NPS only offers limited troubleshooting/logging capabilities. Check out my post here, I listed what I could find to troubleshoot from the event viewer:

https://community.arubanetworks.com/t5/Wireless-Access/ArubaOS-Admin-Authentication-with-Microsoft-NPS/td-p/433832

 

You probably should look what Instant displays in terms of error messages. There is a great doc about 802.1x troubleshooting on Instant: https://community.arubanetworks.com/aruba/attachments/aruba/IAP/14879/1/Troubleshooting%20802.1x%20issues.pdf

 

 

Highlighted
Super Contributor II

Re: IAP How to configure 802.1x with NPS radius server ?

Hi!

 

I can see you have enabled "Termination" in your IAP configuration. This means that the IAP cluster will try to terminate the EAP tunnel instead of the RADIUS server and this means you have to have your trusted certificates put on the access points and configured aswell. Is this the way you want it?

 

If you want the EAP to terminate on the RADIUS server and use the certificate there, disable termination in the IAP settings.

 

Make sure that the IAPs IP-addresses are configured as RADIUS clients on the NPS with the same shared secret as you put in the IAP.

 

I think I see the checkbox with validate server certificate checked on your client side configuration, this is good but for troubleshooting purposes you can try to uncheck that and see if it works then. If so, you know that your clients doesn´t trust the server certificate of the RADIUS server so that´s the problem you need to fix and then turn the checkbox for validate server certificate back on.

 

If this still doesn´t work, try checking the event viewer logs in the NPS if you see any requests coming in, and if so, it can reveal why it isn´t accepting your requests. If you don´t see any requests you might want to check for any blocks in filtering points along the way from the IAP cluster to your NPS server.

 

Good luck!

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba Partner Ambassador
Aruba: ACMX #537 ACCP ACDP | CWNP: CWNE #306
Contributor I

Re: IAP How to configure 802.1x with NPS radius server ?

I tried ,both PC and smartphone are cannot connect

Contributor I

Re: IAP How to configure 802.1x with NPS radius server ?

I tried ,both PC and smartphone are cannot connect

Contributor I

Re: IAP How to configure 802.1x with NPS radius server ?

Thank you so much ,After I have disabled termination in the IAP settings then I can connect to SSID.

Next I will try to enable the termination and configure the certification with CA server,If i have problems, i would come back to open another subject

Thank you,again

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: