Microsoft NPS + Microsoft NPS for MAC-Based RADIUS

Solved
rabusiak
Getting noticed


Hi Guys,

Have any of you successfully set up a MAC authentication bypass policy with NPS?
I'm following this document: Configuring Microsoft NPS for MAC-Based RADIUS - MS Switches - Cisco Meraki

Everything is set according to the documentation, but the port with this policy is not forwarding traffic.

The NPS logs are catching my device's request, but it says: access denied because no matching network policy was found


1 Accepted Solution
rabusiak
Getting noticed

Thank you all for the suggestions. I went through the entire configuration for the 10th time and everything was set correctly... except that I put the test user in the wrong AD group 😛

This is why its requests didn't match any of the configured network policies 😉

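A way to check for the cause found in the accepted solution, as an added example that is not part of the original thread: this PowerShell script confirms that the device's AD account is in the group the network policy tests for and lists recent NPS denials for it. The account name `aabbccddeeff` and the group name `MAB-Devices` are placeholders; it assumes the ActiveDirectory module is installed and that it runs elevated on the NPS server.

```powershell
#Requires -Modules ActiveDirectory
param(
    [string]$MacAccount  = 'aabbccddeeff',  # constructed placeholder account name
    [string]$PolicyGroup = 'MAB-Devices'    # hypothetical group used in the policy condition
)

# 1. Does the account exist, and is it enabled?
$user = Get-ADUser -Filter "SamAccountName -eq '$MacAccount'"
if (-not $user) { Write-Warning "No AD account named '$MacAccount'."; return }
if (-not $user.Enabled) { Write-Warning "Account '$MacAccount' is disabled." }

# 2. Is it a member (directly or through nesting) of the group the policy tests?
$isMember = [bool](Get-ADGroupMember -Identity $PolicyGroup -Recursive |
    Where-Object { $_.SID.Value -eq $user.SID.Value })
'{0} is a member of {1}: {2}' -f $MacAccount, $PolicyGroup, $isMember
if (-not $isMember) {
    # Show where the account actually sits, to spot a wrong-group mistake
    'Current groups: ' + ((Get-ADPrincipalGroupMembership -Identity $user).Name -join ', ')
}

# 3. Recent NPS denials (Security log, event ID 6273) for this account
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the event's named data fields into a hashtable
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time       = $evt.TimeCreated
            User       = $data.SubjectUserName
            Policy     = $data.NetworkPolicyName
            AuthType   = $data.AuthenticationType
            ReasonCode = $data.ReasonCode
            Reason     = $data.Reason
        }
    } |
    Where-Object { $_.User -like "*$MacAccount*" } |
    Select-Object -First 5 |
    Format-List
```

An empty `Policy` field together with a "no matching network policy" reason points at the policy conditions (group membership, NAS Port Type) rather than at the authentication method.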

5 Replies
rabusiak
Getting noticed

Funny thing - I also have another Network Policy which has NAS Port Type set to Wireless and is used for WiFi AD auth. If I remove NAS Port Type from it, I get a match, but then the authentication method is not supported (unencrypted) and access is denied as well.

Maybe it will help you.

https://www.youtube.com/watch?v=Iput9nLnldA

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

If the authentication request is coming in using PAP, then you need to add that as an allowed method in your NPS policy.

alemabrahao
Kind of a big deal

Is your Connection Request Policy ok?
