AC500 with CAP1750 - RADIUS Auth won't work

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2018-12-05 10:36:29

Hi!

First things first..:

Our business setup includes the AC500 plugged into a TL-SG2424P and should broadcast a Corporate WLAN and a Guest WLAN in different VLANs with multiple CAP1750 (at least in the future - for now it's 1 CAP1750 for testing purposes) and a Windows Server 2016 VM with NPS for RADIUS Authentication.

Our different VLANs are working like they should, but when it comes to RADIUS Auth, the Portal throws a timeout..

I tried a lot of different settings / configurations, but just can't get it to work (there is communication between AC500 and RADIUS - got enough logs of all those login attempts)

Logs are mostly "NPS discarded the request for a user" - Reason: "The RADIUS Request message that NPS received from the network access server was malformed."

Since I wasn't able to find detailed documentation for the attribute pairs that are sent from the AC500 for authentication, or at least for a setup like this, can someone provide any information?

What I have configured for now: Corp WLAN bound to related VLAN / RADIUS Server and Auth Server Group / Web Authentication with Remote Auth Server and a Free Authentication Policy..

Feel free to ask if you need further information regarding the config..

Thanks for any help in advance

Best regards, Manuel

#1
Re:AC500 with CAP1750 - RADIUS Auth won't work
2018-12-07 07:28:19

hey dude, can you share the detailed configuration of your radius authentication part?

Maybe I can help look into it.

#2
Re:Re:AC500 with CAP1750 - RADIUS Auth won't work
2018-12-07 16:14:47

DeepDarkFantasy wrote

hey dude, can you share the detailed configuration of your radius authentication part?

Maybe I can help look into it.

sure thing:

configuration of radius server in ac500:

server address = ip from NPS

auth-port: 1812

billing port: 1813

share key: ****

retry count: 3

timeout interval: 10sec

NAS ip: blank

authentication method: MSCHAPv2

NPS Radius Client:

Friendly Name: "AC500-WLC"

address: ip of ac500

shared secret: key from above

advanced: vendor "RADIUS Standard"

"Access-Request messages must contain the Message-Authenticator attribute" = disabled

Network Policy:

Grant access if connection matches policy

type of NAS: unspecified

condition: user group = domain user (also tried client friendly name = "AC500-WLC")

authentication method: MS-CHAPv2

RADIUS attributes: Framed Protocol = PPP and Service-Type = Framed

Connection Request Policy:

type of NAS: unspecified

conditions: NAS Port Type = Ethernet or Wireless - IEEE 802.11 and NAS Identifier = TP-LINK (also tried client friendly name = "AC500-WLC" instead of NAS Identifier)

Settings left standard

got any ideas?

best regards

#3
Re:AC500 with CAP1750 - RADIUS Auth won't work
2018-12-11 08:12:38

Hi Manuel,

Thanks for your kind feedback.

For this case, since the log warns that the request packet is malformed, a better way to troubleshoot is to capture data packets from the incoming port and outgoing port of the topology. In this way, we can compare the packets to see the differences.

Here I want to know some detailed information in order to help you troubleshoot this issue:

1. What is the complete network topology like?

2. Can you share the detailed configuration part on the switch and the AC controller? (Snaps or configuration file is preferred)

3. For the NPS, can you please tell me the detailed version of it?

Thanks in advance and looking forward to your reply.

#4
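
Added example (not part of the thread, and not TP-Link or Microsoft code): a Python check to run over the UDP payload of a captured Access-Request when comparing packets as the last reply suggests. It verifies RFC 2865 framing and the attributes an MS-CHAPv2 request is expected to carry (RFC 2548). The thread does not say what NPS itself treats as malformed, and the function names, user name and sample packet are constructed for illustration.

```python
import struct

MS_VENDOR = 311  # Microsoft vendor id used by the MS-CHAP attributes (RFC 2548)

def parse_radius(payload: bytes):
    """Return (code, attrs, problems) for one RADIUS packet taken from a UDP payload."""
    attrs, problems = [], []
    if len(payload) < 20:
        return None, attrs, ["shorter than the 20-byte RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= 4096:
        problems.append(f"Length field {length} outside 20..4096")
    if length > len(payload):
        problems.append(f"Length field {length} exceeds payload of {len(payload)} bytes")
    pos, end = 20, min(length, len(payload))
    while pos < end:
        a_len = payload[pos + 1] if pos + 1 < end else 0
        if a_len < 2 or pos + a_len > end:
            problems.append(f"attribute at offset {pos} has bad length {a_len}")
            break
        a_type, value = payload[pos], payload[pos + 2:pos + a_len]
        vsa = a_type == 26 and len(value) >= 6  # Vendor-Specific: 4-byte vendor id, vendor type
        attrs.append((26, struct.unpack("!I", value[:4])[0], value[4]) if vsa else (a_type, None, None))
        pos += a_len
    return code, attrs, problems

def check_access_request(payload: bytes):
    """Framing problems plus attributes expected in an MS-CHAPv2 Access-Request."""
    code, attrs, problems = parse_radius(payload)
    if code is None:
        return problems
    if code != 1:
        problems.append(f"code {code} is not Access-Request (1)")
    types = {t for t, _, _ in attrs}
    ms = {vt for t, vid, vt in attrs if t == 26 and vid == MS_VENDOR}
    checks = [(1 in types, "no User-Name (1)"),
              (bool(types & {4, 32}), "neither NAS-IP-Address (4) nor NAS-Identifier (32)"),
              (11 in ms, "no MS-CHAP-Challenge (vendor 311, type 11)"),
              (25 in ms, "no MS-CHAP2-Response (vendor 311, type 25)")]
    return problems + [msg for ok, msg in checks if not ok]

def build_sample(with_nas=True):  # constructed packet with zeroed fields, not a capture
    def attr(t, v):
        return bytes([t, len(v) + 2]) + v
    def ms_attr(vt, v):
        return attr(26, struct.pack("!I", MS_VENDOR) + attr(vt, v))
    nas = attr(32, b"TP-LINK") if with_nas else b""
    body = attr(1, b"testuser") + nas + ms_attr(11, bytes(16)) + ms_attr(25, bytes(50))
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body
```

Running `check_access_request` on the same request captured at the controller side and at the NPS side shows whether the framing or attribute set changes in transit.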