Hello everyone
We had a case of deploying very small branches and we opt for using the Meraki MX68 as a solution, with many sites without MS switches.
During our study we looked at the MX65, however we knew that this will be EoS, and the replacement would be the MX68, we bought MX68 for all these branches.
The issue is that we require the 802.1x Wired LAN authentication option on the MX68, which seems to be dropped by Meraki, the MX65/MX64 fully supports the 802.1x.
I raised a ticket and could not have even a little support from the Meraki team, tomorrow I will be calling them and giving them some shouts.
Has anyone required the 802.1x on the MX68? did Meraki enable this for you?
https://meraki.cisco.com/lib/pdf/meraki_datasheet_mx.pdf
Per this doc the MX65 does not support 802.1x. You need the wireless model of 65 or 68 (MX65W, MX68W, or MX68CW)
The 802.1x support has only ever been for wireless connections. Never for wired connections.
@PhilipDAth you can enable it on the interface of the mx 64 and 65 if you set it to access mode. for the 67 and 68 this function should work in the near future (with beta firmware)
I stand corrected. I just tried it and you can enable 802.1x on an MX65 wired port.
If I'm reading this correctly then it should already be available.
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X).
Well ,
We have over 300 MX68 with 802.1X enabled and over 1200 MX65. We are running the 14.39 firmware.
I have MX67s on 14.39 and this change is not available. I also looked through the firmware release notes and I didn't see one that indicated it was turned on. Also alot of the release notes seems to show they are having issues with this on the 64/65 so I wonder if they is delaying roll out.
Here is a screenshot. This is a template for our MX65-68. Access policy is hybrid ( MAB and 802.1x ) and it is working like a charm
Confirmed with support 802.1x wired is not available on MX67/MX67W/MX67C/MX68/MX68W/MX68CW up to firmware 15.13 , which is the highest beta firmware currently. It is is set to be implemented, but you will have to wait to watch release notes on the new beta firmware.
Ah ! I think we had our Meraki Rep to enable this feature for us.
It is the only explanation that I can give for the moment.
EDIT : Tested and ... not working with 14.39 firmware and MX67/MX68 series. Seems like you are right about it. I will test the latest version and report the results
Even with the latest firmware it is not available :
Support :
Wired 802.1x is planned for the MX67/68 platform, however, it is unfortunately, not available at this time. Support does not have an ETA of when this will be available and what firmware build will include this feature. Let us know if you have any further questions.
An update on this post.
I contacted a Meraki Architect and he enabled the 802.1x for our dashboard on the MX68 devices, however he mentioned that I need to have the latest beta version and this is only for Lab testing.
We tested this in our lab and it seems to be working, I will not be deploying this to our production environment until this is official announced in the next 3 month (as per the Meraki Architect).
It is an MX68, the subject is about wired port security.
I spoke with Meraki support this week about this feature missing on the MX68CW. They indicated that the feature was pulled due to a bug that would send the MX into a reboot loop. After some back and forth with support they indicated that the patch was actually available in the latest published beta firmware (15.23 - Released 1/6/2020). I had to update to the indicated beta firmware and recontact support so they could turn a backend knob to re-enable the feature. Fortunately this did restore the functionally and I was able to successfully test/validate dot1x on this platform.
Hey just wanted to follow up on this thread. I am currently running 14.40 across the board. My Z3s have been doing 802.1x quite well for at least a few months now. I just got some mx68s and it appears like they are NOT doing 802.1x. Has there been an official firmware release that supports 802.1x for the mx68s?
@Khue- you will need to go to the 15.x train. It became stable for me after some more recent code versions, I'm on 15.27 right now.
You have tried this with cisco ISE yet ?
We had issues on the 15.x train. We had to roll back to 14.4.