802.1X authentication woes with NPS & EAP

Had a frustrating issue with some UniFi APs where clients were not able to authenticate to the Pro models, but OK to the standard UniFis.

Running a packet capture on the NPS server, I could see many Access-Requests arriving at the server with an Access-Challenge immediately being sent back, but the AP would just keep sending the same request and the server was neither rejecting nor allowing the connection.

If you’re having similar-sounding issues, try adding a ‘Framed-MTU’ attribute to the Network Policy settings.

The MS article recommends using a Framed-MTU of 1344, but we ended up settling on 1400. We did have jumbo frames enabled on the server running the NPS role, which I think may have been contributing to the problem. Hope this can help someone out!

Framed-MTU Setting
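To confirm the symptom described above in your own capture, here is an added example (not from the original post) that parses RADIUS payloads and flags EAP Access-Requests resent unchanged after an Access-Challenge was already returned, along with the size of that challenge. The function names and sample packets are constructed for illustration; extracting the UDP payloads from a capture file is assumed to be done separately.

```python
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11  # RADIUS codes (RFC 2865)
EAP_MESSAGE = 79                          # attribute type (RFC 3579)

def parse_radius(payload):
    """Parse one RADIUS UDP payload: 20-byte header, then type/length/value attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos + 2 <= length:
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, payload[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "id": ident, "auth": payload[4:20], "len": length, "attrs": attrs}

def find_stalls(payloads, min_repeats=3):
    """Report EAP Access-Requests resent unchanged even though a challenge was sent back."""
    repeats, biggest_challenge = {}, {}
    for raw in payloads:
        p = parse_radius(raw)
        is_eap = any(t == EAP_MESSAGE for t, _ in p["attrs"])
        if p["code"] == ACCESS_REQUEST and is_eap:
            # A retransmission reuses both the identifier and the request authenticator.
            key = (p["id"], p["auth"])
            repeats[key] = repeats.get(key, 0) + 1
        elif p["code"] == ACCESS_CHALLENGE:
            biggest_challenge[p["id"]] = max(biggest_challenge.get(p["id"], 0), p["len"])
    return [{"id": i, "requests": n, "challenge_bytes": biggest_challenge[i]}
            for (i, _), n in repeats.items() if n >= min_repeats and i in biggest_challenge]

def build(code, ident, auth, attrs):
    """Assemble a RADIUS payload for the constructed sample below."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

# Constructed sample (not a real capture): id 7 stalls, id 8 gets a small challenge once.
REQ7 = build(ACCESS_REQUEST, 7, b"\x11" * 16, [(EAP_MESSAGE, b"\x02\x01\x00\x06\x0d\x00")])
CHAL7 = build(ACCESS_CHALLENGE, 7, b"\x22" * 16, [(EAP_MESSAGE, b"\xaa" * 253)] * 6)
REQ8 = build(ACCESS_REQUEST, 8, b"\x33" * 16, [(EAP_MESSAGE, b"\x02\x02\x00\x06\x0d\x00")])
CHAL8 = build(ACCESS_CHALLENGE, 8, b"\x44" * 16, [(EAP_MESSAGE, b"\xbb" * 40)])
SAMPLE = [REQ7, CHAL7] * 4 + [REQ8, CHAL8]

if __name__ == "__main__":
    for stall in find_stalls(SAMPLE):
        print(stall)
```

A reported challenge size that, with 28 bytes of IP and UDP headers added, exceeds the MTU on the path to the AP means the reply has to be fragmented, which is the situation a lower Framed-MTU avoids.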

 

 


2 responses to “802.1X authentication woes with NPS & EAP”

  1. Deniel

    Hi, I’m having the same problem as you on the UNIFI AC Pro models. I’d like to know the configuration that was applied to the network policies to see if I’m on the right track. My standard UNIFI authenticates normally.

    1. James

      Hi Deniel – did you get the issue sorted? I think you may have been posting on a UBNT forum I saw.
