Sonicwall Radius Authentication fails to connect to the Radius NPS Server
03/26/2020 36 15466
Sonicwall Radius Authentication fails to connect to the Radius NPS Server . The Wireless Client fails to connect to the Radius server . In the Sonicpoint Logs you see "IEEE 802.1X: unauthorizing port" . In the Sonicwall packet capture you see the request to the Radius server but no response
Customer has a Windows Radius Server ( NPS ) and the Wireless Client request via the Sonicpoints a Radius Authentication.
Solution :You need to put the IP Address of the Sonicpoint-Interface as a Client in the NPS Radius Server
Attention: This is not necessary the X0 IP of the SonicWall . In 184.108.40.206 and higher the administration SonicWall creates a NAT Rule that translates the request from the Sonicpoints to the Interface IP of the Sonicpoint Zone.
Example: Your Sonicpoint is connected on X4 like in the screenshot below. The SonicWall translates the request via a NAT policy for the Radius Server to X4. Therefore the Request comes from the X4 IP and therefore you need the X4 IP in the NPS Configuration of the Windows NPS-Radius Setup as an allowed Client-IP
The X4 needs to be in the NPS-Radius Configuration as a allowed Client IP because the SonicWall sends the Radiusrequest via the X4. The X4 is only an example, you need to check which interface is actually used for the Sonicpoints and this interface IP needs to be the added to the NPS Configuration
Additional / Background Information: ------------------------------------------------ If you check the NAT Rules you will find for the Radius Service a NAT rule. In the below screenshot you will see , why the request comes from X4, because the SonicWall is doing a NAT for the Radiusservice to the X4-IP