Hi,
We have a Meraki MR / MS and MX at head office. We are using NPS as our RADIUS server, hosted in Azure. We are using PEAP (EAP-TLS with X.509 certificate-based authentication) using a user certificate.
Everything is working well, but we started getting an issue: when a user PC is connected to both the wired and wireless networks (both networks have 802.1X enabled), the user laptop prefers the wired network, as expected. Our wired gateway is 10.1.10.1 (our switch). On the other hand, the wireless AP IP is 10.1.20.1.
We have enabled re-authentication on the switch every 300 seconds. When the PC tries to re-authenticate on the wired network, it takes a long time (around 30 sec), then the wired connection fails and the user laptop gets switched to the wireless network.
We have played around with the metrics for both networks on the laptop, as per the attached screenshot, but that didn't fix it. My assumption is that when the PC is trying to re-authenticate the wired connection (by fragmenting the certificate and sending it), the wireless profile kicks in as it tries to give the PC access to the network (also by fragmenting the certificate and sending it all the way to NPS), and this is why the re-authentication process takes longer, but I wasn't sure why the wired connection ends up failing and the wireless takes over.
Is there a way to fix this issue? (We want to keep re-authentication on; disabling it would fix the issue, but it is not recommended.)
Also, can we pinpoint the problem? Is it the laptop behaving the way I explained, or is it that the switch is receiving the same certificate from two different resources and is getting confused? Or is it related to NPS?