M and MSM Series
1748228 Members
4688 Online
108759 Solutions
New Discussion юеВ

Re: HP E-MSM430 802.11x Authentication with NPS

 
SOLVED
Go to solution
JesseR
Regular Advisor

Re: HP E-MSM430 802.11x Authentication with NPS

One thing that looked weird to me is the NASID you are using "1234" ?? Where did you get that?  On my MSM controller, the NASID for the RADIUS profile is the actual serial # of the MSM.    (dont think thats the problem... just curious)

 

On my NPS server, under Conditions, the NAS Port Type only has 2 items checked.   "Wireless - IEEE 802.11" and "Wireless - Other".   I am not used any vendor specific RADIUS attributes at all.   The standard attributes that are set are Framed Protocol - PPP and Service Type - Framed.

 

If you can screenshot all of your various RADIUS policy settings, I can compare to mine.  Though I have 2 different ones.. one for EAP-TLS and another for PEAP.

 

J

Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

JesseR
Regular Advisor

Re: HP E-MSM430 802.11x Authentication with NPS

Also, what is the NPS event log reporting?? (windows event log -> server roles - > nps

You should see the actual rejection/error and applicable error code and reason why.. ?


Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

Fredrik L├╢nnman
Honored Contributor

Re: HP E-MSM430 802.11x Authentication with NPS

I'd suggest creating a separate policy for the management login, Im not sure on using framed-protocol ppp and service-type framed will match with that. Sadly I dont have access to the NPS where I've done this ;\
---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

Viper_x
Advisor

Re: HP E-MSM430 802.11x Authentication with NPS

I'd like to thank you all for your help today. Final I got the management tool authenticatng correctly. After analysing the RADIUS packets on the NPS server and using notes you guys posted I got it working.

Fredrik the post regarding "match on NAS port type Async" under the network conditions was required and a re-newal of the CA CERT on the WAP resolved my problem.

I do have one last problem, which I will raise as a different post, if anyone is willing to take a look it'll be most appricated.

Again thanks for your help.