Meraki

Community

Port not forwarding traffic due to Access policy

Tarmahmood1
Getting noticed
‎Oct 16 2024 1:49 PM
‎Oct 16 2024 1:49 PM

Port not forwarding traffic due to Access policy

Hi,

 

We have applied policy on switch port if the authentication fails with radius then it will move to Client to guest vlan. Problem is that we dont get any error in NPS and still few users(6-9) on switch are moved out to Guest vlan. Any idea?

 

I have rebooted the switches but still the same. It works fine with other users. 

 

 

Tarmahmood1_0-1729111533991.png

 

Thanks

0 Kudos
1 Reply 1
Mloraditch
Head in the Cloud
‎Oct 16 2024 1:56 PM
‎Oct 16 2024 1:56 PM

It could be that NPS is not responding which is the same net effect as a denial. There are also other NPS logs that may not be enabled for whatever reason which may help.

 

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-network-policy...

You can do a packet capture on the NPS server to make sure you are getting the radius traffic and if you are what responses are (or aren't) being sent. If the requests are getting to NPS and NPS isn't responding or is sending back denials you at least know you have a Microsoft side issue. If the packets are occasionally not getting to the server at all, may need to check along the traffic path to see where they may be dropped.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.