This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WLAN Radius (NPS) authentication fails (since upgrade to UTM 9)

Hi,

since the upgrade to UTM 9 (9.004-34) (HA Mode) we are experincing some problems with our WLAN authentication.
There is a RADIUS server set up (Windows Server 2008R2, NPS Server, configured as described in the Sophos KB), which worked fine with our devices running V8.***. Since the upgrade to UTM none of the clients is able to connect to the wireless network using WPA2 Enterprise (WPA2 PSK works fine). Nothing was changed on the RADIUS server side and the configuration/shared key, etc was double checked. There are no errors in the NPS log, but the Sophos wireless log shows the authentication process.

The error showing up is the following:
802.1X: authentication failed - EAP type: 0 ((null))
802.1X: Supplicant used different EAP type: 1 (Identity)

The part of the logfile showing the error message is attached.

Any ideas?

Thanks.

This thread was automatically locked due to age.

Parents

0 djmoore250 over 11 years ago

Here is more information about my current setup:

UTM 9.106-17
1 Sophos AP50
1 Windows server 2008 R2 Radius server

3 VLANs
VLAN7 SSID "House" is bridged to this VLAN (WPA2 Enterprise with AES)
VLAN9 SSID "Guest" is bridged to this VLAN (WPA2 Personal)
VLAN98 SSID "Games" is bridged to this VLAN (WPA2 Personal)

the SSID's on VLAN9 and VLAN98 both work fine, but clients trying to connect to the SSID on VLAN7 do not get an IP address, they get the 169 auto configure address

The AP VLAN ID is 7

The AP is plugged into an HP Manageable switch, the port the AP is plugged into is configured as follows

The port is tagged for VLAN9 and VLAN98, the PVID of the port is VLAN7, VLAN7 is untagged.

The AP gets a DHCP IP address from VLAN7, I have set a DHCP reservation for the AP.

The radius server is on VLAN7

The client that I have been testing VLAN7 with will connect to the SSID's on VLAN9 and VLAN98 and get the correct IP address and can access the internet.

One thing I noticed is that after connecting the client to the SSID on VLAN9 (this works) and then connecting it back to the SSID on VLAN7, is that the client still gets the autoconfigure 169 IP address, but when I go to Wireless Protection, Wireless Clients the client device shows up with the correct mac address, says it's online but has an IP address from VLAN9

Is there a way to verify the firmware version of the AP?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 djmoore250 over 11 years ago

Here is more information about my current setup:

UTM 9.106-17
1 Sophos AP50
1 Windows server 2008 R2 Radius server

3 VLANs
VLAN7 SSID "House" is bridged to this VLAN (WPA2 Enterprise with AES)
VLAN9 SSID "Guest" is bridged to this VLAN (WPA2 Personal)
VLAN98 SSID "Games" is bridged to this VLAN (WPA2 Personal)

the SSID's on VLAN9 and VLAN98 both work fine, but clients trying to connect to the SSID on VLAN7 do not get an IP address, they get the 169 auto configure address

The AP VLAN ID is 7

The AP is plugged into an HP Manageable switch, the port the AP is plugged into is configured as follows

The port is tagged for VLAN9 and VLAN98, the PVID of the port is VLAN7, VLAN7 is untagged.

The AP gets a DHCP IP address from VLAN7, I have set a DHCP reservation for the AP.

The radius server is on VLAN7

The client that I have been testing VLAN7 with will connect to the SSID's on VLAN9 and VLAN98 and get the correct IP address and can access the internet.

One thing I noticed is that after connecting the client to the SSID on VLAN9 (this works) and then connecting it back to the SSID on VLAN7, is that the client still gets the autoconfigure 169 IP address, but when I go to Wireless Protection, Wireless Clients the client device shows up with the correct mac address, says it's online but has an IP address from VLAN9

Is there a way to verify the firmware version of the AP?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data