updateNetworkWirelessSsid update RADIUS NPS fail

Scott_CC
Here to help

updateNetworkWirelessSsid update RADIUS NPS fail

Hello

 

Good day to you.

Yesterday, by define networkID, ssid number, NPS list, I success update some network's SSID.

but in some network, I got error said "'encryptionMode' must be one of: 'wep' or 'wpa1', or 'wpa2' ....

I use Python Meraki library. I have no idea how to fix it.

 

If I manually update by web interface, I success. Then if I run my script again, it can success submit by same content.

May I have your advise how to fix if I encounter again?

Thanks for your time.

 

Best Regards.

Scott Gao

12 Replies 12
PhilipDAth
Kind of a big deal
Kind of a big deal

Check the authMode parameter that you are passing.

 

Otherwise, can you paste your code?

Hello Philip

 

May you please check below.

 

 

updating:net002
2024-05-30 21:22:46 meraki: INFO > GET https://api.meraki.com/api/v1/networks/networkID_xxxxxxxx/wireless/ssids
2024-05-30 21:22:47 meraki: INFO > wireless, getNetworkWirelessSsids - 200 OK
Good_WIFI 0 
Good_Guest 1 
Good_GUEST 2 
Unconfigured SSID 4 3 
Unconfigured SSID 5 4 
Unconfigured SSID 6 5 
Unconfigured SSID 7 6 
Unconfigured SSID 8 7 
Unconfigured SSID 9 8 
Unconfigured SSID 10 9 
Unconfigured SSID 11 10 
Unconfigured SSID 12 11 
Unconfigured SSID 13 12 
Unconfigured SSID 14 13 
Unconfigured SSID 15 14 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
before update
2024-05-30 21:22:47 meraki: INFO > GET https://api.meraki.com/api/v1/networks/networkID_xxxxxxxx/wireless/ssids/0
2024-05-30 21:22:48 meraki: INFO > wireless, getNetworkWirelessSsid - 200 OK
number 0 
name Good_WIFI 
enabled True 
splashPage None 
ssidAdminAccessible False 
authMode 8021x-radius 
dot11w {'enabled': False, 'required': False}
dot11r {'enabled': False, 'adaptive': False}
encryptionMode wpa-eap 
wpaEncryptionMode WPA2 only 
radiusServers [{'host': '1.1.1.1', 'port': 1812, 'id': '667095694804279971', 'radsecEnabled': False, 'openRoamingCertificateId': None, 'caCertificate': None}, {'host': '2.2.2.2', 'port': 1812, 'id': '667095694804279970', 'radsecEnabled': False, 'openRoamingCertificateId': None, 'caCertificate': None}]
radiusAccountingEnabled False 
radiusTestingEnabled True 
radiusServerTimeout 1 
radiusServerAttemptsLimit 3 
radiusFallbackEnabled False 
radiusProxyEnabled False 
radiusCoaEnabled False 
radiusCalledStationId $NODE_MAC$:$VAP_NAME$ 
radiusAuthenticationNasId $NODE_MAC$:$VAP_NUM$ 
radiusAttributeForGroupPolicies Filter-Id 
ipAssignmentMode Bridge mode 
useVlanTagging False 
radiusOverride False 
minBitrate 11 
bandSelection Dual band operation 
perClientBandwidthLimitUp 0 
perClientBandwidthLimitDown 0 
perSsidBandwidthLimitUp 0 
perSsidBandwidthLimitDown 0 
mandatoryDhcpEnabled False 
lanIsolationEnabled False 
visible True 
availableOnAllAps False 
availabilityTags ['legacy_wifi'] 
speedBurst {'enabled': False} 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2024-05-30 21:22:48 meraki: INFO > PUT https://api.meraki.com/api/v1/networks/networkID_xxxxxxxx/wireless/ssids/0
2024-05-30 21:22:49 meraki: ERROR > wireless, updateNetworkWirelessSsid - 400 Bad Request, {'errors': ["Authentication mode '8021x-radius' requires WPA Encryption mode to be one of: 'WPA1 and WPA2', 'WPA2 only', 'WPA3 only', 'WPA3 192-bit Security'"]}

 

RaphaelL
Kind of a big deal
Kind of a big deal

Do you have the API Early Access enabled ? 

 

RaphaelL_0-1717080319769.png

 

def updateSSIDNPS(networkID,ssidname,radiusServers, newname):
    ssid=Get_Network_SSIDList(networkID)
    print("before update")
    try:
        goodprint(dashboard.wireless.getNetworkWirelessSsid(networkID,number=ssid[ssidname]))
    except Exception as e:
        print(e)
    #time.sleep()
    try:
        print(ssid[ssidname],radiusServers,newname)
        response = dashboard.wireless.updateNetworkWirelessSsid(networkId=networkID,number=ssid[ssidname],radiusServers=radiusServers, name=newname)
        return response
    except Exception as e:
        print('update SSID Fail with error: '+str(e))
    

 

Hi Here is my code

You can try adjusting this part:

 

response = dashboard.wireless.updateNetworkWirelessSsid(networkId=networkID, number=ssid[ssidname], radiusServers=radiusServers, name=newname, encryptionMode='WPA2 only')

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hello Alemabrahao

 

Follow your advice, I will get below error.

 

update SSID Fail with error: "encryptionMode" cannot be "WPA2 only", & must be set to one of: ['open', 'wep', 'wpa', 'wpa-eap']

 

But I try below code can get success.

 

dashboard.wireless.updateNetworkWirelessSsid(networkId=networkID,number=ssid[ssidname],radiusServers=radiusServers, name=newname, encryptionMode='wpa-eap')

 

 

I will keep use this code.

Thanks for your help.

 

The error code at begining is error for authentication mode, but finally I fix by encryptionMode? It's interesting.

 

RaphaelL
Kind of a big deal
Kind of a big deal

Your code doesn't work. 

 

You need to do a 'GET'  , decompile every key:value pair and update the one you want ( RADIUS ? ) and then 'PUT' all the keys:value pairs with 

updateNetworkWirelessSsid

 From the SDK : 

RaphaelL_0-1717082087318.png

Exactly like Alemabrahao suggested , but I think the dashboard will complain that other keys are missing.

Ajust like this:

 

authMode = '8021x-radius'
encryptionMode = 'WPA2 only' # Changed from 'wpa-eap' to 'WPA2 only'
wpaEncryptionMode = 'WPA2 only'

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Paccers
Getting noticed

We've had this exact error recently but through the GUI (our Org is on n747). The fix for us is to revert the view back to 'Old' view, save the SSID config, return to 'New' view and then make and save the changes without further errors.

 

Support did some backend testing with our Org today and I'm waiting to hear back from them

RaphaelL
Kind of a big deal
Kind of a big deal

We had a case opened about this issue back in nov 2023. This might be already fixed with the API beta program. Let me check.

alemabrahao
Kind of a big deal
Kind of a big deal

Even though you are just doing the update, you must provide the encryption mode used by the SSID in your script.
For Example "encryptionMode": "wpa",

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hi Alemabrahao

 

Thanks for your reply. But I can update success to some network with same code. Do you still insist your comment.

I just fail again, but it's after I see your reply.

Thank you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.