hi
@c.tidswell, just to clarify: when you use WPA2-AES and an authentication server in the wlan, that means you use 802.1x.
From the message: "Requested EAP methods not available" looks that you need to check the NPS configuration to match whatever your clients are trying to authenticate with, which normally is, either PEAP:username and password using MSCHAPv2 or certificates with TLS.
Plese see the image to find out the configure options in NPS.
I hope this helps
Original Message:
Sent: Jan 11, 2023 08:57 AM
From: c.tidswell
Subject: 802.1x authentication issues
@CRoller I didn't say I don't authenticate via Radius, I said that I don't use 802.1x and that I'm not sure why the Virtual Controller is advising me that the Radius Server has rejected the credentials for this protocol when it isn't being used.
@cordless Thank you for your response - I appreciate I have to investigate the issue via the Radius server as that is where the rejection is coming from but there is no indication on the Radius as to why it would be rejecting it. In Event Log there is an information entry under Event ID 1006 and Source is EapHost with a response of "Negotiation failed. Requested EAP methods not available"
Original Message:
Sent: Jan 11, 2023 08:41 AM
From: Cedric Roller
Subject: 802.1x authentication issues
Additional to @cordless answer, i would like to ask @c.tidswell why you said you don´t authenticate via Radius Server, but as matter of fact the AP sends Authentication Request to an Radius Server ? What ist that for a server?
Maybe you should disable this, but than the question from cordless ist still not answered: how would you like to authenticate clients?
Original Message:
Sent: Jan 11, 2023 05:35 AM
From: Stefan Bartels
Subject: 802.1x authentication issues
This SSID is using Radius Authentication against Server "MAT-NPS-01". If this is the WLAN SSID which you have trouble with, you have to investigate in the Authentication Server, why he is telling the Aruba WiFi that "The AP cannot authenticate this client using 802.1x because the RADIUS server rejected the authentication credentials". This is a decision by the Radius Server.
Original Message:
Sent: Jan 11, 2023 05:01 AM
From: Chris Tidswell
Subject: 802.1x authentication issues
wlan ssid-profile AltusEP
enable
index 1
type employee
essid AltusEP
utf8
opmode wpa2-aes
max-authentication-failures 0
auth-server MAT-NPS-01
rf-band all
captive-portal disable
dtim-period 1
broadcast-filter none
deny-inter-user-bridging
g-min-tx-rate 12
a-min-tx-rate 12
multicast-rate-optimization
dynamic-multicast-optimization
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
okc
dot11r
mdid 2627
dot11k
dot11v
Original Message:
Sent: Jan 10, 2023 11:07 AM
From: Stefan Bartels
Subject: 802.1x authentication issues
Can you paste the config of the WiFi SSID?
What type of Authentication are you using?
Original Message:
Sent: Jan 10, 2023 03:30 AM
From: Chris Tidswell
Subject: 802.1x authentication issues
Error message:
The AP cannot authenticate this client using 802.1x because the RADIUS server rejected the authentication credentials (password, etc)
---------------------
I'm struggling to understand why we are getting 802.1x error messages like the above when we are not using 802.1x. Has anyone else experienced this issue? We have clients that are dropping off the network periodically and these error messages are showing in the controller.
We are currently on 8.11.0.1 SSR using IAP 315 in cluster