oh man you are a life saver. I was only getting it partly working with a bunch of other walkthroughs. Yours worked right off the bat. Thank you! Windows Server 2016 - C9300 on 16.8.1a

Outstanding, I had all the right pieces in place but they were not lined up correctly on my Server 2019 and Cisco Catalysis 9300. All set now, thanks for putting this out there.

Thank you so much it's worked for me

Hi, thanks for the tutorial. I tested this with a Windows Server 2012R2, which is currently also being used as our MAB-server. My iOS device is an old Cisco1721 using iOS 12.4(25d). I am sitting in an AD-forest and assume my testingdevice is too old. I wonder if the command "domain-stripping" could add the domain automatically to the username. Can you confirm this thought? _____ Oh, also I'm not sure if you mentioned, but the local account is only being used when the Cisco IOS device cannot pass the authentication to the radius OR the radius cannot pass it to the active direcotry.

Nice video mate

Is it possible to then limit who can log into the router, such as only a certain group in AD/LDAP?

To connect a user through the wireless network, what type of radius authentication must the switch have?

Great video, but the splash screen at the end made me shard a little.

Great video thank you, do you have one on Cisco ICE 👍👍👍

Has anyone configured a cisco switch with radius from DUO using their auth proxy? Would the cisco side of this tutorial be the same?

Great tutorial! Quick question for you for anyone that might know. Do you know if after enabling aaa for authentication is the option still available to login with the local credentials that were created on the router/switch?

How are you making this work using MS-CHAP? My previous setup on 2012 required me to use "Unencrypted authentication (PAP, SPAP).

I configured everything exactly as shown in here but still there's a problem authenticating.

just for the nps server ?? how can i add one in my lab ?

it doesn't work mate, the syslog said: invalid_group_handle , anyone can help please))

don't forget to use (BAP percentage of capacity), sometime the radius won't work without it.

It is working if I unchecked all button except Unencrypted authentication (PAP, SPAP) on Authentication Methods under Network policies :)

how about the failover if the NPS(radius is down) the local admin should work right?

Hi, where do you defined acouch-adm?

the acouch-adm account comes from where ?????