Header Only - DO NOT REMOVE - Extreme Networks

Client are rejected on NAC with the reason "rejected by radius mschap"

  • 12 February 2019
  • 2 replies

Hi everyone,

I have some project to deploy Extreme NAC server and the client is authenticated via LDAP Blind using account proxy (no use administrator). I have configured AAA config on NAC for Ldap and tested users (via wired) on Nac successfully. And then, tested user (via wireless) on EWC it seems error state description "Rejected by radius mschap". I have tested both oh windows 8 and windows 10 PC's. Is this error caused by using a proxy (not use administrator) account on LDAP?

2 replies

Userlevel 7
If it works via wired I'd say that the settings NAC to LDAP are fine.

What's the RADIUS protocol setting on the EWC, PAP/CHAP ?

Userlevel 7
I guess the client configuration is different for wired and for wireless. Please check the 802.1X setting on the supplicant.

There should be no difference between "Supplicant -> Switch -> Access Control Engine" and "Supplicant -> Controller -> Access Control Engine".

As suggested by Roland, check the radius setting on the controller. Check your AAA rules in ExtremeControl also.