Meraki

Bovie2K

Hello, I've got some new C9300L's but am having a hard time with 802.1x Windows Network Policy Server. It works great with our MS series switches but cannot get it working with the C9300's.

First I figured out it's not using Ethernet as a NAS port type it's using Async (Modem). Second it won't accept PEAP and MS-CHAPv2. It will only accept PAP, SNAP which is no encryption. That will get the NPS logs to show an accept on the request but Meraki still shows a deny when testing radius.

Does anyone have the new C9300's 802.1x working with NPS? Note I have the same experiencing the same issue with both MS firmware and the new IOS XE public beta.

Bovie2K

More information. Working with Meraki support the IOS XE firmware doesn't even seem to be sending radius request. Super odd. Same question anyone running C9300's with NPS?

Inderdeep

Check this one if this helps

https://community.cisco.com/t5/network-access-control/802-1x-port-authentication-using-microsoft-nps...

www.thenetworkdna.com

alemabrahao

Maybe it will help you.

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)#RADIUS_Caching...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth

I hope they fix up the NAS port type. Tat is going to break a lot of things. I would call this a bug.

I assume you are using an up to date firmware?

Bovie2K

yes running latest IOS XE firmware now and its not even sending a radius request anymore. They escalated my case. Will keep updated here.

Meraki

Community

C9300L and 802.1x Windows Network Policy Server

C9300L and 802.1x Windows Network Policy Server