Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

IAP How to configure 802.1x with NPS radius server ?

  • 1.  IAP How to configure 802.1x with NPS radius server ?

    Posted Nov 02, 2018 04:18 AM

    Dear all,

    I am trying to configure 802.1x on an IAP with an NPS server, but I cannot connect to the SSID.

    Here is my IAP conf:

    [screenshots of the IAP configuration]

     

    RADIUS is a Windows Server 2012:

    My IAP's IP address is 10.80.21.58

    [screenshots of the NPS configuration]

    I cannot connect to the SSID. But when I change the authentication server from RADIUS to Internal server, then it works.

    [screenshot]

    I think the problem should be the NPS server.

     

    Does anyone have any suggestion?



  • 2.  RE: IAP How to configure 802.1x with NPS radius server ?

    EMPLOYEE
    Posted Nov 02, 2018 04:32 AM

    You should try to connect to the SSID with a smartphone first, because the supplicant is more forgiving.



  • 3.  RE: IAP How to configure 802.1x with NPS radius server ?

    Posted Nov 02, 2018 09:37 AM

    I tried; both PC and smartphone cannot connect.



  • 4.  RE: IAP How to configure 802.1x with NPS radius server ?

    Posted Nov 02, 2018 09:42 AM

    I tried; both PC and smartphone cannot connect.



  • 5.  RE: IAP How to configure 802.1x with NPS radius server ?

    EMPLOYEE
    Posted Nov 02, 2018 04:37 AM

    Sadly, I can only guess your NPS configuration based on your language settings ;-)

     

    Unfortunately, NPS only offers limited troubleshooting/logging capabilities. Check out my post here, I listed what I could find to troubleshoot from the event viewer:

    https://community.arubanetworks.com/t5/Wireless-Access/ArubaOS-Admin-Authentication-with-Microsoft-NPS/td-p/433832

     

    You probably should look at what Instant displays in terms of error messages. There is a great doc about 802.1x troubleshooting on Instant: https://community.arubanetworks.com/aruba/attachments/aruba/IAP/14879/1/Troubleshooting%20802.1x%20issues.pdf

     

     



  • 6.  RE: IAP How to configure 802.1x with NPS radius server ?
    Best Answer

    Posted Nov 02, 2018 08:32 AM

    Hi!

     

    I can see you have enabled "Termination" in your IAP configuration. This means that the IAP cluster will try to terminate the EAP tunnel instead of the RADIUS server, and this means you have to have your trusted certificates put on the access points and configured as well. Is this the way you want it?

     

    If you want the EAP to terminate on the RADIUS server and use the certificate there, disable termination in the IAP settings.

     

    Make sure that the IAPs' IP addresses are configured as RADIUS clients on the NPS with the same shared secret as you put in the IAP.

     

    I think I see the "validate server certificate" checkbox checked in your client-side configuration. This is good, but for troubleshooting purposes you can try to uncheck it and see if it works then. If so, you know that your clients don't trust the server certificate of the RADIUS server, so that's the problem you need to fix, and then turn the "validate server certificate" checkbox back on.

     

    If this still doesn't work, try checking the event viewer logs in the NPS to see if any requests are coming in; if so, they can reveal why it isn't accepting your requests. If you don't see any requests, you might want to check for any blocks in filtering points along the way from the IAP cluster to your NPS server.

     

    Good luck!

     

    Cheers,
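
The NPS-side checks from the reply above (RADIUS client entry, then event logs), as an added PowerShell example that is not part of the original thread. It assumes an elevated session on the NPS server with NPS auditing enabled; the one-hour window is an arbitrary choice, and 10.80.21.58 is the IAP address given in the first post.

```powershell
# Added example, not from the thread. Run elevated on the NPS server.
$iapIp = '10.80.21.58'               # IAP address from the first post
$since = (Get-Date).AddHours(-1)     # assumed look-back window

# 1. Is the IAP registered (and enabled) as a RADIUS client?
#    Exact-address match only: entries defined by DNS name or subnet need a manual look.
$client = Get-NpsRadiusClient | Where-Object { $_.Address -eq $iapIp }
if ($client) {
    $client | Format-List Name, Address, Enabled, AuthAttributeRequired | Out-Host
} else {
    Write-Warning "No RADIUS client entry with address $iapIp; NPS ignores requests from unknown clients."
}

# 2. Did NPS log a decision for requests coming from the IAP?
#    6272 = access granted, 6273 = access denied, 6274 = request discarded.
$filter = @{ LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $since }
$decisions = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($iapIp) }

$rows = foreach ($e in $decisions) {
    # Flatten the named EventData fields so the denial reason is easy to read.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        EventId    = $e.Id
        User       = $data['SubjectUserName']
        ReasonCode = $data['ReasonCode']
        Reason     = $data['Reason']
    }
}
$rows | Format-Table -AutoSize -Wrap | Out-Host

# 3. No decision logged at all: list what the NPS service itself reported,
#    then check the path between the IAP cluster and this server.
if (-not $decisions) {
    $svc = @{ LogName = 'System'; ProviderName = 'NPS'; StartTime = $since }
    Get-WinEvent -FilterHashtable $svc -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message | Format-List | Out-Host
    Write-Warning "No NPS decision for $iapIp since $since. Check filtering between the IAP cluster and this server."
}
```

A 6273 row with a reason usually points at the policy or credentials, while an empty result in step 2 means the request never reached a policy decision, which is where the RADIUS client entry, shared secret and network path come in.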



  • 7.  RE: IAP How to configure 802.1x with NPS radius server ?

    Posted Nov 02, 2018 10:18 AM

    Thank you so much. After I disabled termination in the IAP settings, I can connect to the SSID.

    Next I will try to enable termination and configure the certification with the CA server. If I have problems, I will come back and open another subject.

    Thank you again.