05-05-2021 10:06 AM
I am trying to get 802.1x working on our ICX switches and on our WiFi.
All switches and APs / WiFi networks are managed in Ruckus Cloud.
I have configured a test wireless network for Enterprise AAA (802.1x), and have a RADIUS server setup (Windows 2019 with the NPS role).
When I try to connect to the WiFi network, I get prompted for my username and password, but I don't get past that, and cannot connect.
I am completely new to this; Is there any testing tool or tips that might help?
I have added all our APs as RADIUS clients in the NPS server, and have double checked the shared secret.
I have created a basic Network Policy in the NPS server; grant access to domain users, Microsoft PEAP w/ MS-CHAP-v2. Nothing special... just trying to get username/password auth to connect to the WiFi.
When trying to connect from a laptop, I get prompted for username and password, but cannot successfully auth. Pretty much same behavior if trying from a domain joined laptop or a non domain joined laptop.
Any tips are much appreciated!
Solved! Go to Solution.
05-07-2021 07:10 AM
So, a little embarrassing, but it looks like stuff started working once I set the local Windows firewall on the NPS server to allow all incoming connections.
This is strange because - when installing / configuring the NPS role - the corresponding allow rules were automatically created (I had double checked that a few times while working through this process). So, maybe there is some port requirement other than UDP 1812, 1645, 1813, 1646... and TCP 135 and RPC Dynamic Ports...
Anyone run into this before?
05-05-2021 10:12 AM
You probably already checked this document
Gives a extended walkthrough on the where and why
Below video also gives a decent step by step on the Ruckus side
As for the NPS side, I am sorry, not sure...
05-05-2021 10:24 AM
Yes - I am going off of that document and video as well... no joy yet though...
05-05-2021 11:25 AM
What is the client troubleshooting showing, in the Analytics section? In .1x scenario, the AP acts as the authenticator/proxy and the auth flow does not travel to the cloud controller. Are the APs IPs allowed by the radius server? Cheers - Phal
05-05-2021 11:42 AM
Thanks - I hadn't thought of looking at the Analytics in Ruckus Cloud...
I am there now, but apparently there is an issue with Analytics.... none of the widgets are loading... getting:
"Network error: Response not successful: Received status code 500"
on all widgets.