cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Highlighted
Comes here often

Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Is it possible to configure a dynamic vlan allocation via Cisco ISE (Radius Server) for wired clients (MAB/8021X) ?  If I configured a SSID on Cisco MR & having an option "RADIUS override", to get the VLAN-ID from my RADIUS-Server. On Cisco Meraki Switches unable to find such any option. Do you guys know if the "RADIUS override" option (or something similar options) is configurable for wired clients on a Meraki MS-Switch?

8 REPLIES 8
Highlighted
Kind of a big deal
Kind of a big deal

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Highlighted
Comes here often

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Thanks @ww. I have referred this document but it is not working (getting error could find the authentication profile created for wired clients) so please provide any other solution & share some screenshot.

Highlighted
Kind of a big deal

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

If you've referred to the document and you're still having problems, I have to ask: Have you consulted Meraki Support?

Highlighted
Kind of a big deal

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

I've done a couple of deployments with wired 802.1x, except I use Microsoft NPS instead of ISE.  In the cases I did I used a Cisco Meraki Access policy to specify the VLANs to use - rather than dynamically assigning them from RADIUS.

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

 

The documentation says that dynamic VLAN assignment is supported though.  Make sure you are passing all theee required parameters from ISE back to the switch (Tunnel-Medium-Type, Tunnel-Pvt-Group-ID and Tunnel-Type).

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(...

 

 

Highlighted
Head in the Cloud

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches


@PhilipDAth wrote:

The documentation says that dynamic VLAN assignment is supported though.  Make sure you are passing all theee required parameters from ISE back to the switch (Tunnel-Medium-Type, Tunnel-Pvt-Group-ID and Tunnel-Type).

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(...

 

 


That‘s a thing ISE does by default when returning a user defined VLAN

Highlighted
Comes here often

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Still Dynamic Vlan assignment feature is not working with Cisco Meraki MS. Even I have configured the authorization profile & followed the instruction as received by PhilipDAth & applied it on Authorization policy. If I selected the default authorization profile "Permit Access" in authorization policy then it works. Means something is wrong with Authorization profile which is not working with Cisco Meraki MS. Please suggest if someone have any other solution for Dynamic Vlan assignment.

 

Error on Cisco ISE:

 

15011Authorization Policy not configured
15019Could not find selected Authorization Profiles

 

Event5400 Authentication failed
Failure Reason15019 Could not find selected Authorization Profiles
Root causeCould not find selected Authorization Profiles

 

Highlighted
Head in the Cloud

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Looks like ISE is not hitting the AuthZ / authorization policy as expected. Therefore it isn‘t able to return the profile. Nothing wrong on the Meraki side of things.

Highlighted
Comes here often

Re: Dynamic Vlan/Similar option is not working for Wired Clients (MAB/8021x) on Meraki Switches

Do you have the instructions to implement wired 802.1x with dynamic VLANs ? Appreciate your help 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.