Switches, Hubs, and Modems
Showing results for 
Search instead for 
Did you mean: 

peap-mschapv2 on web authentication

Chad Lenox
Occasional Visitor

peap-mschapv2 on web authentication

I'm trying to configure a ProCurve 3500yl-24G (Software K.14.47) to use web-based authentication for port access. I'm using Microsoft's NPS on Server 2008 for RADIUS authentication. I can successfully authenticate, get assigned to the right VLAN, and get an IP when I use chap-radius and store my password using reverse encryption in AD, but I cannot authenticate when I try to use peap-mschapv2. Here is what my config looks like:

radius-server host key "123456789"
aaa authentication port-access eap-radius
aaa authentication web-based peap-mschapv2
aaa port-access authenticator 1
aaa port-access authenticator active
aaa port-access web-based 1
aaa port-access web-based 1 redirect-url "http://www.google.com"
aaa port-access web-based 1 auth-vid 2
aaa port-access web-based 1 unauth-vid 3
aaa port-access web-based dhcp-addr
aaa port-access web-based ewa-server "/EWA"

Does anyone know the correct settings in NPS for peap-mschapv2 on web authentication?
Occasional Visitor

Re: peap-mschapv2 on web authentication

Hi Chad,

There is an interoperability issue with that feature with Server 2008 NPS. I think you will find that it works with Server 2003 IAS.

The problem has been corrected in a newer version of the switch firmware K.15.02.0005 and can be downloaded free of charge at: