Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About zdawg
zdawg
Comes here often
Member since Oct 25, 2024
a month ago
Community Record
10
Posts
0
Kudos
0
Solutions
Badges
a month ago
Well, I do know for a fact that the switch can reach the NPS. In fact, if I lower my security to MSCHAPv2, I have no issues with the supplicant reaching the NPS. We also do not use a vMX.
... View more
a month ago
I'd also like to point out while I am attempting to setup and test if this happens on AP's that the Accounting Server keeps deleting itself after it's been saved within the Wireless Access Control configuration.
... View more
a month ago
I have not, although, I plan on testing that today. As well as testing just computer authentication.
... View more
a month ago
The Domain Controller/NPS server are in Azure. We are connected with a site-to-site VPN. I did a packet capture on "Internet 1" and "Site-to-Site VPN over Internet 1" and found no packets with port 1812.
... View more
a month ago
Has anyone been able to get it working? I have been on support many times and got nowhere. I myself also had a Meraki rep tell me similar things saying I should make a suggestion to the product team. I just for some reason don't buy this is the case considering this is a Cisco product we are talking about.
... View more
a month ago
I am not finding anything regarding port 1812 on the NPS. I will run another scan to see.
... View more
a month ago
Yeah, I fully verified the client IP addresses, even went as far as using individual IP addresses instead of a subnet. I also created an Authentication and Accounting template to ensure secret consistency and triple checking it is correct in the Meraki Access Policy. Yeah, the trusted root is indeed in the personal and root store on the server. I have gone through that article religiously over the last two weeks and still unable to get it to work.
... View more
Oct 25 2024
2:02 PM
I have been dealing with getting this working for some time now. I am not entirely sure what you will all need from me, and I can give whatever you need to assist. We are using Cisco MS switches and want to implement 802.1x EAP-TLS over Ethernet and have our NPS authenticate the user and place that user on the VLAN they belong in, which is handled by User Group within NPS Conditions. The server has RequireMsgAuth and LimitProxyState to disabled (KB5043417: RADIUS authentication to NPS might fail with the July 2024 security update and later updates - Microsoft Support). While running a packet capture on an end point device utilizing a port with the Meraki Access Policy for 802.1x and the NPS I do see it trying to authenticate, however, it stops at "Access-Request" on the NPS Wireshark log. NPS event viewer does not show anything. Checking CAPI2 logs (certificate logs) on the end device in Event Viewer I see no certificate issues. I verified that all certs are applied, auth method is set to Smart Card... on both NPS side and 802.3 group policy side yet still cannot authenticate. The NPS is also our domain controller and yes, all computers can do what they need on the DC without issue. I am sure there is MUCH more info I could give, so please feel free to ask. Thank you!
... View more
© 2024 Cisco Systems, Inc.
