Cisco :: Configuring RADIUS Server For It?
Jan 25, 2012
Does anyone have or know of a tried and true method of configuring a Windows Server 2008 box to provide authentication/accounting services for Cisco devices. I've read a few websites already and a lot of them seem to be geared toward VPN and some of the settings each site goes through are different.I've got NPS installed and a RADIUS client configured with the shared key. Right now I'm in the process of creating the Network Policy which only allows a Windows "admin" group to log in. Curious about the "Constraints" section where the NAS Port Type is selected and the "Settings" section where the service-type and vendor specific options are configured.
View 18 Replies
ADVERTISEMENT
Dec 3, 2012
We have recently installed Cisco for our wireless solution. We are an education and are looking to let staff and pupils bring their own devices. The route that we are planning to take to let them join the school's WiFi is to implement a RADIUS server so that they can authenticate with their Active Directory username and password. I have tried to test the solution but so far without any success. I am using a Windows Server 2008 R2 as my NPS server, I have setup the Cisco controller as per below:
Security Tab | RADIUS | Authentication - I added my windows server there and the preshared key, the Network User and Management is ticket and the server responds to a ping command,In the WLANs Tab, I selected my test WLAN and under Security | AAA Servers I selected the RADIUS server that I configured in the Security TabI then try to logon to my test WLAN and on the Cisco WLAN controller I get the following error: AAA Authentication Failure for UserName:test User Type: WLAN USER
Before trying to tinker with policies on the Windows Server I was wondering if the RADIUS is correctly setup on the Controller or have I missed something obvious?
View 6 Replies
View Related
Apr 28, 2013
I would like to know if microsoft 2008 server RADIUS server could be use for authentication on Cosco 5508 instead of Cisco ACS.
View 4 Replies
View Related
Mar 25, 2013
I am trying to configure AAA authentication and authorization with Cisco 3725 (IOS 12.4(17)) for 802.1x and ACS 4.2 with VLAN assignment to my Windows XP client. (trying to assign VLAN 100 in my scenario).When user connects to the Router, it passes the authentication process (EAP-MD5). In my debug i see that Router recieves the Radius Attributes BUT does not apply anything!My running config:
Building configuration...
Current configuration : 1736 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
[code]......
As a result the vlan-switch data based does not change.
View 3 Replies
View Related
Feb 6, 2012
I was wondering if i should use the same RADIUS VSA attribute on ACS v5.1 to authenticate AAA clients as those i was using on my old ACS v3.3 server.
Example : under ACS v3.3 i was using RADIUS (Cisco Aironet) attribute to authenticate AP & WLC, should i do the same under ACS v5.1 ?
View 2 Replies
View Related
Jul 20, 2011
getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
View 5 Replies
View Related
May 1, 2012
Any free radius server for lab purpose?
View 5 Replies
View Related
Oct 15, 2012
How to configure Radius server on router in packet tracer
View 1 Replies
View Related
Jun 8, 2011
i have problem with my 3 new cisco AP1252AG and Radius server (windows 2000 IAS).On the 3 AP, i have two ssid :,One with Wpa pre-shared key,the other one with EAP/radius,the one with preshared key works well but the other have some trouble, here is the error message ,i have check the shared secret in radius and ap and it's ok.The error appears randomly.
View 1 Replies
View Related
Sep 2, 2012
which is the best RADIUS server for 802.1x wired authentication?
View 1 Replies
View Related
May 13, 2013
I am trying to configure a WAP4410N, with latest firmware, for disabled security (i.e.: no WEP/WPA, user passwords etc) but enable MAC authentication control using RADIUS.If I test the WAP using disabled security and disabled authentication control, the WAP works fine. When I enable the RADIUS MAC authentication (ensuring I have entered the correct RADIUS server details) nothing happens, the WAP connection just fails. Also, the RADIUS server doesn't log any attempts from the WAP to connect.Is there a known problem with this WAP simply not working with RADIUS under this configuration?
View 1 Replies
View Related
Mar 7, 2012
I am testing a Aironet1040 in AP setting. During the process of trial run of GUI on this 1040, I saw a local radius setting and it can set something like FAST-EAP.
Is it after using this setting (plus other steps), I can set this Aironet1040 as an AP with the capability of simple Radius Server for authentication purpose?
If not by this way as I mentioned above, can Aironet1040 be set as simple Radius Server? This is because if it can set as simple Radius Server and not need to work with an external Radius Server, that would be great and save trouble to find another server.
View 5 Replies
View Related
Jan 24, 2013
I am currently trying to get eap-tls user certificate based wireless authentication working. The mismatch of guides im trying to follow has me coming up trumps with success so far.
My steps for radius:- (i think this part ive actually got ok) [URL]
Steps for the wireless profile on a win 7 client:- this has me confused all over the place [URL]
My 1130 Config:-
[code]
Current configuration : 3805 bytes
!
! Last configuration change at 11:57:56 UTC Fri Jan 25 2013 by apd
[Code].....
View 14 Replies
View Related
Oct 28, 2012
I have a 2811 router and how to configure a RADIUS server using the CLI.
View 3 Replies
View Related
Nov 19, 2012
We are retiring our current radius server. It is windows 2003 IAS server (also a DC) that we use for 802.1X authentication. We are moving to server 2008r2. I have already installed NPS and Network Authentication services on the server.
On the existing IAS server I exported the settings (using iasmig reader.exe) and was able to import the profiles (I see the 5500 as a radius client etc) Our 5500 is still pointing to the old server.
Is it as simple as changing the ip of the RADIUS server to point to the new server? It looks like I actually have to add the new server and create a new pres hared key on the NPS server but only find documents on adding a new 5500 (vs flipping it to a new NPS server).
View 9 Replies
View Related
Mar 6, 2013
Can the 2504 WLC be configured to work with one RADIUS Server for Authentication of Management Users and with a second server for 802.1x EAP-TLS certificate authentication for the end users.
Management Users will authenticate on RADIUS Server 1.Wireless End users will request 802.1x EAP-TLS authentication certificate from AAA server 2.
View 5 Replies
View Related
May 18, 2011
getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC. Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.
View 2 Replies
View Related
Apr 7, 2013
Is there any way to set up our ISE to provide Radius instead of acting as Radius Proxy? In our Company we use ACS 4.2 to provide AAA via Tacacs+ and this works proper with all our Cisco-Switches. Now we are testing the ISE 1.1.1 as NAC-Solution.
I know how to set up the ISE as 'Radius Proxy', configuring the Sequences and Policies, but till now we are using only Tacacs+ for AAA. The current version of ISE does not support Tacacs+ and I don't want to set up a Radius-enviroment in ACS if not necessary. Somewhere ( I think the specs) I read, the ISE is a merge of ACS and NAC. So in my Opinion there should be a way to provide AAA via Radius on the ISE without ACS and without 'Radius Proxy'.
View 2 Replies
View Related
Apr 3, 2013
Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server.I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.
View 7 Replies
View Related
Jan 30, 2013
I am biulding a wireless network with 5508 WLC and trying to use ISE as radius server and also to redirect the web-login to it.I was trying to understand that to achieve the external web-login, do i need to use the raduius-nac option under advanced on the guest wireless where i am trying this out. and if not, where do i actually use it?So far what i have understood that i do need to have preauth ACL on the Layer 3 security, but the issue is there is no hit reaching the ISE.
View 9 Replies
View Related
Dec 11, 2011
I'm using an ASA version 8.4.2 and a Radius Server.
Is-it possible to configure ASA for sending the name of the connection profile to the Radius Server ?
By default, the radius server doesn't receive this information.
View 1 Replies
View Related
Jul 12, 2012
I want to know if its nessary to install Certificate authority on your radius server. If we have a CA server already in the domain can we use that for this purpose or we have to install certificate authority on our DC.
View 1 Replies
View Related
Apr 30, 2012
Below is he output from debug radius authentication from my AP.
I can see request is forwarding from AP to radius but Radius is not sending any response.Not sure why its not responding.
I also did not under stand few out outputs also
no sg in radius-timers and
RADIUS/DECODE: parse response no app start; FAIL
what does it mean.
I restarted radius server , changed secret key but no luck.
019639: May 1 16:15:08.727: RADIUS: User-Name [1] 32 "host/3KYGRH1.idcap.intdata.com"
019640: May 1 16:15:08.727: RADIUS: Framed-MTU [12] 6 1400
019641: May 1 16:15:08.727: RADIUS: Called-Station-Id [30] 16 "0012.01d6.f691"
[Code]...
View 4 Replies
View Related
Apr 22, 2011
I was just wondering if it was possible to turn a cisco 887 Router into a RADIUS Server. What i wanted to do was setup my wireless AP to authenticate using RADIUS, but didn't want to setup another server for the purpose.
View 1 Replies
View Related
Aug 13, 2012
I'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.Then the enable password.
View 1 Replies
View Related
Oct 26, 2009
Wondering if it's possible to send a VSA from my radius server to my ASA-5505 that will instruct the ASA to use one of several split tunnel lists I have created, based on the user name supplied in the Radius request.For example, I can send a VSA of "ip:inacl#1=permit ..." and the ASA will dynamically create an access-list for that user.Is there a similar VSA for split tunnel?
View 8 Replies
View Related
Jan 9, 2013
i am trying to connect clients to my AP1231 which is running C1200 Software (C1200-K9W7-M), Version 12.3(8)JED. Client authentication is against RADIUS server. [code]
View 3 Replies
View Related
Sep 25, 2012
how to set up 2008 (NPS and NASs) RADIUS Server for 802.1X Wireless clients.
View 1 Replies
View Related
Dec 13, 2011
In the WLC there are two groups (say A and B). How would I take group B and point it to a RADIUS server for authentication? The server is ping reachable. I have searched but did not see any definitive answer.
View 3 Replies
View Related
May 22, 2013
We are experiencing a lot of these RADIUS failed to respond messages on our WLC's leading to a lot of RADIUS server hopping within the WLC.We are using Cisco 5508's, 1142 AP's and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1xThe first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consequetive clients, failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured.When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WL:Event ID: 6274: Network Policy Server discarded the request for a user.
View 16 Replies
View Related
Apr 24, 2013
I am using CiscoSecure ACS v4.2 appliance, in there any way that RADIUS logs upload to FTP server because it has limitation to store RADIUS logs.
View 15 Replies
View Related
May 1, 2013
I'm trying to configure ACS 5.4 as radius server for network access (PPP connections).In monitoring and reports the users have green color , but the clients cannot send data. Auth method is CHAP/MD5.
Allowed protocols are set to CHAP and PAP only.
View 5 Replies
View Related
Jul 3, 2007
I follow step by step the link bellow to configure web-auth with external RADIUS server but I receive a error on console debug of the WLC "Returning AAA Error No Server (-7) for mobile"My Radius Server is fine, because I can authenticate on WLC Web page with RADIUS user. WLC 4402 version 4.1.171.0 [URL]
View 2 Replies
View Related