I have an issue with Meraki and my NPS somewhere and am struggling to find the cause.
The packet capture from the AP outbound to the internet show the Radius request going to the NPS and even the challenges coming back, however nothing else after that apart from fragmented IPv4 packets.
After the initial EAP packets the client will probably build a TLS tunnel between itself and NPS and that traffic starting from the change cipher spec should be opaque in your capture of the inside communication.
However after that exchange is completed you should see an access-accept packet from NPS destined to the AP with all needed AV pairs. Can you verify the AP receives that packet?
Hi, thanks for the response. In your case was the NPS able to see the authentication attempts or did they not reach it?
I've noticed the same problem now at some other sites in this Meraki template group. All these sites routers have a similar setup so it doesn't really narrow it down between the Meraki config and the ISR config.
Meraki states that about 40% of attempts fail at association and 50% at authentication for all the problem sites.
Wired connections are still working and they are on the same VLAN as the WiFi so I don't see where the problem lies yet.