Got it
Enterprise
Community Forums Switches
Asking for help in config...

Asking for help in configuring Microsoft NPS for our hauwei WLC

Created: Jan 20, 2021 07:36:31Latest reply: Feb 4, 2021 15:38:00 165 10 0 0
  Rewarded HiCoins: 0 (problem resolved)
display all floors #1

We have a huawei wlc AC6005-8-8AP. Let's not talk about the client machines connecting because we do not have problem with that. The problem is with the AAA test tool of the wlc. When we run the AAA test tool we get the "Info: Authentication may fail due to incorrect name or password". There is no problem with the account used since it works with other systems. On Microsoft NPS radius side the error is there is no matching Connection Requests Policy. " Reason Code: 49
Reason: The RADIUS request did not match any configured connection request policy (CRP)."

Already tried different settings and combinations from setting conditions like ethernet, NAS IP (wlc IP), among many other things. But it just unable to catch what type of connection request it is. We even copied the connection request policy of ruckus zone director (which has a worling AAA test tool) but still we are unable to make huawei's AAA test tool to work.

WLC
  • x
  • convention:

I have this problem too (0) Favorite(0) Share Report
Previous: Huawei S series switches - a CLI-based and Web-based configuration video [All About Switches]
Next: Interworking and Replacement Guide VTP
Featured Answers

Recommended answer

(0) (0)
DDSN
Admin Created Jan 20, 2021 08:24:35 Helpful(0) Helpful(0)

Hi jarves,
Based on the error mesage, we can find that the connection request did not match a configured connection request policy, so the connection request was denied by Network Policy Server.
To troubleshoot this issue, please perform the following steps.
1. On the server running NPS, click Start, click Run, type nps.msc, and press ENTER.
2. In the NPS console tree, open Policies\Connection Request Policies. Review the configuration and processing order of the connection request policy used to match NAP client access requests.
3. In the NPS console tree, open Policies\Network Policies. Review the configuration and processing order of the network policy used to match NAP client access requests.
4. If no errors are found in the connection request policy or network policy configuration, check the status of the NAP Agent on the client computer and confirm the enforcement client is enabled.
For more information, please take a look at the following article:
Access Request Was Denied
http://technet.microsoft.com/en-us/library/dd348487(WS.10).aspx
I hope it helps!
View more
  • x
  • convention:
All Answers
DDSN
DDSN Admin Created Jan 20, 2021 07:37:24 Helpful(0) Helpful(0)

Hi jarves,
Please wait patiently. Our engineers are looking for answers to your questions.
View more
  • x
  • convention:

jarves
jarves Created Jan 20, 2021 07:45:49
Thanks! I will wait patiently.  
DDSN
DDSN Admin Created Jan 20, 2021 08:24:35 Helpful(0) Helpful(0)

Hi jarves,
Based on the error mesage, we can find that the connection request did not match a configured connection request policy, so the connection request was denied by Network Policy Server.
To troubleshoot this issue, please perform the following steps.
1. On the server running NPS, click Start, click Run, type nps.msc, and press ENTER.
2. In the NPS console tree, open Policies\Connection Request Policies. Review the configuration and processing order of the connection request policy used to match NAP client access requests.
3. In the NPS console tree, open Policies\Network Policies. Review the configuration and processing order of the network policy used to match NAP client access requests.
4. If no errors are found in the connection request policy or network policy configuration, check the status of the NAP Agent on the client computer and confirm the enforcement client is enabled.
For more information, please take a look at the following article:
Access Request Was Denied
http://technet.microsoft.com/en-us/library/dd348487(WS.10).aspx
I hope it helps!
View more
  • x
  • convention:
jarves
jarves Created Jan 20, 2021 09:21:29 Helpful(0) Helpful(0)

I already read this. It doesn't do much, as earlier provided, did some combinations of the working setting and even applied the working setting for ruckus zone director. Still no go.
View more
  • x
  • convention:

DDSN
DDSN Created Jan 20, 2021 09:24:38
You try the steps in the following link to troubleshoot:
https://support.huawei.com/hedex/hdx.do?docid=EDOC1100169994&id=EN-US_TASK_0176366450&lang=en  
jarves
jarves Reply DDSN  Created Jan 20, 2021 11:44:19
will check this out and give you feedback.  
jarves
jarves Reply DDSN  Created Jan 22, 2021 18:30:26
It did not help.

Do wireless controllers require a certificate of the radius server?
My radius server is Windows Server 2016 with NPS role
My wireless controller is AC6005-8-8AP.
My machines connecting are windows machines and mobile devices.
This is a windows domain environment.

Wireless machines and mobile devices can connect successfully but AAA Test Tool from huawei  
DDSN
DDSN Admin Created Jan 23, 2021 01:45:15 Helpful(0) Helpful(0)

Hi jarves,

After consulting experts, the AC6005-8-8AP and Microsoft NPS are compatible, but only 802.1X and MAC address authentication are supported. RADIUS authentication is not supported.

View more
  • x
  • convention:

jarves
jarves Created Jan 31, 2021 00:36:19
I'll try the caller station id using the mac of the access controller. I'll see if it works.  
jarves
jarves Created Feb 4, 2021 15:38:00 Helpful(0) Helpful(0)

It seems that even using calling-station-id doesnt seem to work.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.