Meraki

Community

Microsoft NPS + Microsoft NPS for MAC-Based RADIUS

Solved
rabusiak
Getting noticed
‎Aug 23 2023 5:58 AM
‎Aug 23 2023 5:58 AM

Microsoft NPS + Microsoft NPS for MAC-Based RADIUS

Hi Guys,

Have any of you successfully setup MAC authentication bypass policy with NPS?
I'm following this document: Configuring Microsoft NPS for MAC-Based RADIUS - MS Switches - Cisco Meraki


All is set according to documentation but port with this policy is not forwarding traffic.

NPS logs are catchings my device request but it says: access denied because no matching network policy was found

1.png

2.png

Labels:
0 Kudos
1 Accepted Solution
rabusiak
Getting noticed
‎Aug 27 2023 11:46 PM
‎Aug 27 2023 11:46 PM

Thank you all for suggestions. I went for the 10th time through entire configuration and all was set correctly... except that I put test user in a wrong AD group 😛

This is why it's requests didn't match any of configured network policies 😉

View solution in original post

0 Kudos
5 Replies 5
rabusiak
Getting noticed
‎Aug 23 2023 6:08 AM
‎Aug 23 2023 6:08 AM

Funny thing - I have also other Network policy which has NAS Port Type set to Wireless and is used for WIFI AD auth. If I remove NAS Port Type from it I have a match but then authentication method is not supported (unencrypted) and have access denied also:
3.png

0 Kudos
In response to rabusiak
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 6:25 AM
‎Aug 23 2023 6:25 AM

Maybe it will help you.

 

 

https://www.youtube.com/watch?v=Iput9nLnldA

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to rabusiak
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 1:28 PM
‎Aug 23 2023 1:28 PM

If the authentication request is coming in using PAP, then you need to add that as an allowed method in your NPS policy.

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 6:20 AM
‎Aug 23 2023 6:20 AM

Is your Connection Request Policy ok?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
rabusiak
Getting noticed
‎Aug 27 2023 11:46 PM
‎Aug 27 2023 11:46 PM

Thank you all for suggestions. I went for the 10th time through entire configuration and all was set correctly... except that I put test user in a wrong AD group 😛

This is why it's requests didn't match any of configured network policies 😉

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.