NAP – How to connect workstations using Network Access Protection to a RADIUS server
Setup:
Radius Server – Windows server 2012 R2 Standard with NAP installed and configured
Wireless – Cisco Meraki M32 Wireless Access Points connected to a MX firewall.
Issue:
When Clients are connecting to a Wireless network using 802.11 or WPA2 Enterprise they are showing in the event viewer on the radius server as Non-NAP Capable and quarantined.
Event ID: 6276
Authentication Details:
Connection Request Policy Name: NAP 802.1X (Wireless)
Network Policy Name: NAP 802.1X (Wireless) Non NAP-Capable
Authentication Provider: Windows
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Quarantine Information:
Result: Quarantined
Cause:
This occurs if the client is not setup correctly causing them to show as Non-NAP Capable.
Resolution:
There are a few Settings that need to be enabled on the client and most/all of the settings below can be pushed out by a group policy.
1) Make Sure the Network Access Protection Service is running
2) As there is a delay when the wireless network connects you need to start the NAP service after the wireless.
This can be done by going to the following entry in the registry and making the change below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc
Update the DependOnService entry and add napagent.
The entry should look similar to the below. You will need to reboot the client for the registry change to take effect.
NOTE: The service WCMSVC below is only required for Windows 8 workstations.
3) Enable the Following Setting in:
GPO Manager > Computer Configuration > Policies > Windows Settings > Security Settings > Network Access Protection > NAP Client Configuration > Enforcement Clients
4) On the Client Machine go to Network and Sharing
Select adaptor settings > Right click the Wireless connection once connected to the wireless connection > Select Status > Wireless Properties > Security Tab > Settings > Select Enforce Network Access Protection > Select OK on all open windows.
Office 365 Updates
- An error has occurred, which probably means the feed is down. Try again later.
Microsoft Security Updates
- An error has occurred, which probably means the feed is down. Try again later.
Cisco Security Advisories
- Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials VulnerabilityA vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. […]
- Cisco IOx for IOS XE Software Privilege Escalation VulnerabilityA vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call […]
- Cisco IOS XE Software Web UI Unauthenticated Proxy Service VulnerabilityA vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting […]
- Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service VulnerabilitiesMultiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit […]
Recent Comments