Sophos Switch and Microsoft NPS (RADIUS)

Hello

I am trying to implement 802.1x on Sophos switch with Microsoft NPS server. After configuring all settings on both sides (IP addresses, shared secret etc..) there is no logs from Sophos switch in event log on NPS server. I checked on firewall that switch is sending requests to NPS. If I remove Sophos switch from clients in NPS, I get message that NPS received requests from unknown client (switch). Log settings display all events since I have 802.1x enabled on other switches and Access points.

Are there any special considerations adding Sophos switch to NPS (manufacturer)?

And are there any special VSA codes used for dynamic VLAN assignment?

Matjaz

Top Replies

Mayer Christian 3 months ago in reply to David Jacobs +2 suggested

Good day, It seems like a firmware update on the switch solved the issue. Additionally it is very important to allow jumbo frames on all network devices on the way. I forgot to do so on the virtual switches…

0 Matjaz Dobrovoljc 6 months ago

Ok, did some more testing, EAP-TLS is not working, PEAP is working without problems. There is no special VSA attributes needed (same as for Cisco).

Dynamic VLAN assignment also working.

BR
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Nathaly Soliely Santana Souza 4 months ago in reply to Matjaz Dobrovoljc

Boom dia, estou com o mesmo problema ? voce conseguiu resolver ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Matjaz D 4 months ago in reply to Nathaly Soliely Santana Souza

Hello

Still not resolved.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Raphael Alganes 4 months ago

Hello Matjaz,

Good day and thanks for reaching out to Sophos Community and hope you are well

Are you still encountering the said issue? And May we ask if you have created a support ticket for this? If none I may recommend you to create one so it can be further checked. Then kindly share us the would be generated caseID so we can follow along internally.

Many thanks for your time and patience and thank you for choosing Sophos

Cheers,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mayer Christian 3 months ago

Good day,

I am having the same issue.
PEAP works fine, but the EAP-TLS communication just stops when the client sends his certificate. The switch just drops it.
Configuring jumbo packets on the switch nor the client help with this.

I have an open case in Sophos Support that is trying to resolve it.
Internal case number is 06015671.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 David Jacobs 3 months ago in reply to Mayer Christian

hi Mayer,

We are running into the same problem, and I was wondering how this ended for you?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mayer Christian 3 months ago in reply to David Jacobs

Good day,

It seems like a firmware update on the switch solved the issue.
Additionally it is very important to allow jumbo frames on all network devices on the way.
I forgot to do so on the virtual switches inside our ESXi's, so the packets were fragmented.

It seems to be working now.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel