Meraki

degwi · ‎Mar 2 2023

Hi all,

I’m new with Meraki switching but familiar with Cisco.
I have a MS120 for testing and I try to use NAC as I have on the Cisco devices.
Some of my endpoints will be authenticated by MAC, others by Certificate (dot1x).
After the endpoint is authenticated by dot1x, no other Auth-request are send to the RADIUS server.
But, is the endpoint authenticated by MAC, I see auth requests from the switch every 90 seconds.

How can I suppress the auth request if the endpoint is connected by MAB?

I do not see this behavior on my Cisco switches.

My Access Policies look like this:

Thank you
Willem

GreenMan · ‎Mar 2 2023

I'm interested to know what the detrimental effects are for this, if any? Also - did you raise a Support case for this? - they would be able to advise if this is expected behaviour and possibly whether it can be altered in the back-end (it can't be done by the customer, I'm pretty sure). Off the top of my head I would say doing this provides an ability to reflect any change in status of the MAC in the RADIUS database (i.e. if an admin removed it). If you don't re-auth periodically a previously authenticated MAC cound stay connected indefinitely.

degwi · ‎Mar 2 2023

Ok, I have to come back on this issue.
It seems to be a single device, printer that has this behaviour, all my other printers do not show the same.

The detrimental effect would have been flooding the RADIUS server with requests.

I Guess I have a printer hardware issue (or some wired settings).

Meraki

Community

Dot1x / MAB Reauth behavior, unexpected reauth every 90 seconds

Dot1x / MAB Reauth behavior, unexpected reauth every 90 seconds