PdClark
Jul 20, 2018, Tutor
GS748T no radius authentication
Hi
I have a Windows Server 2012 configured with NPS and it is working fine with WiFi access points.
I'm trying to configure my GS748T to authenticate EAP with the server. What I've done so ...
- Jul 25, 2018
** Solved **
One thing I overlooked. Windows 7 and onwards have a service 'Wired AutoConfig' which is set to manual by default.
Set this to automatic and it works perfectly!
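
The fix from the solved post above, as an added PowerShell example that is not part of the original thread. It reports the state of the Wired AutoConfig service (Windows service name `dot3svc`) and, with `-Fix`, sets it to automatic and starts it. The function name `Repair-WiredAutoConfig` is hypothetical, and an elevated prompt is assumed.

```powershell
# Added example: check (and optionally fix) the Wired AutoConfig service on a
# Windows client. Without this service the wired 802.1X supplicant never runs,
# so the client sends no EAP frames to the switch port.
function Repair-WiredAutoConfig {
    param([switch]$Fix)   # without -Fix the function only reports

    # Get-WmiObject is used so the check also works on Windows 7 (PowerShell 2.0).
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='dot3svc'"
    if (-not $svc) { throw "Wired AutoConfig (dot3svc) was not found on this machine." }

    # StartMode is 'Auto', 'Manual' or 'Disabled'; State is 'Running', 'Stopped', ...
    Write-Output ("dot3svc StartMode={0} State={1}" -f $svc.StartMode, $svc.State)
    $needsFix = ($svc.StartMode -ne 'Auto') -or ($svc.State -ne 'Running')

    if ($needsFix -and $Fix) {
        Set-Service -Name dot3svc -StartupType Automatic
        Start-Service -Name dot3svc
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='dot3svc'"
        Write-Output ("dot3svc StartMode={0} State={1} (after fix)" -f $svc.StartMode, $svc.State)
    }
    elseif ($needsFix) {
        Write-Output "Wired 802.1X will not start until the service runs; re-run with -Fix."
    }

    # Once the service is running, netsh shows the 802.1X state of each wired adapter.
    if ($svc.State -eq 'Running') { netsh lan show interfaces }
}

# Report only; use 'Repair-WiredAutoConfig -Fix' to apply the change.
Repair-WiredAutoConfig
```

For domain-joined machines the same startup setting can be pushed through Group Policy instead of being set per machine.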
George_58
Jul 30, 2018, Aspirant
But there is no traffic from the workstation. Do you use some certificate which you record to the switch? Or do you only set the Radius server IP and secret, and
in 802.1x Configuration set Port Based Authentication State as enabled and set the port which must be untrusted (for authentication)?
I set authentication for port 15. When I unplug the cable and plug it back in, the switch log shows:
| 30 Jul 2018 11:06:28%STP-W-PORTSTATUS: g15: STP status Forwarding |
| 30 Jul 2018 11:06:24%LINK-I-Up: g15 |
| 30 Jul 2018 11:06:20%LINK-W-Down: g15 |
Communication is blocked, and there is no info in Microsoft Network Monitor on the Radius server side. On the workstation I set 802.1x, Microsoft EAP-TTLS, use PAP, and valid credentials. No certificate.
Second problem:
The Authentication List is only for logging in to the switch console, so it doesn't matter if it is on? But when I try to use it, on the Radius side everything is OK, but the switch sends info about a bad password. Is there some attribute in the Radius message which is really important for Netgear switches?
PdClark
Jul 30, 2018, Tutor
From my configuration:
On the switch, keep the Authentication List to Radius, Local, None. It enables all authentication to the Radius server including the console logon.
In Group Policy, set the wired config to use 'Smartcard or other certificate' and 'Computer only' authentication.
On the properties of 'smartcard or other cert', select 'Use a cert on my computer' click Advanced and select the root certificate issued from your CA.
On your NPS server, add the switch as a Radius client, create a 'Network Request' policy based on Domain Computers (or any other group for your computers) and a 'Client Friendly name'
Add a Network Policy adding the same group of computers and EAP type.
That should get you going. Tweak NPS to improve the constraints.
- George_58, Aug 03, 2018, Aspirant
No way :-/ . Problem 1 is not working and problem 2 is not working.
Problem 1 - authentication to the admin console. The NPS server gets the request from the switch and accepts it, so everything seems OK. But the switch does not allow me to log in. Why?
Problem 2 - no data on the NPS server from the workstation. It seems that no data goes through the switch to the NPS server. Why? Where can I find any information about this? In the log on the switch there is no data about EAP from the workstation. Only:
| 03 Aug 2018 10:31:40%STP-W-PORTSTATUS: g15: STP status Forwarding |
| 03 Aug 2018 10:31:36%LINK-I-Up: g15 |
| 03 Aug 2018 10:31:31%LINK-W-Down: g15 |
Is it a problem of Radius attributes? Is there any document where I can find info about the attributes which Netgear "must receive"?
I have a .cer file from my domain controller, but it contains no private key. So must I make a new certificate, e.g. with OpenSSL, which will have public and private keys?
Did you set up a certificate on the Netgear switch (Security/Access/HTTPS/Certificate management)? Or can it be blank? Sorry for so many questions, but I am not a network professional.