My Switch MS225 is not relaying the EAP RADIUS requests to ISE

vishnu520
New here


We have an endpoint with a PEAP Ethernet profile connected to port 5 on a Meraki switch. We have also configured the 802.1X access policy on the Meraki switch and applied it to port 5.

When testing the RADIUS server from the switch, it successfully reaches the ISE, and logs are visible in ISE.

The endpoint is sending EAPOL Start and EAPOL packets to the switch, but the switch is not relaying the RADIUS packets to ISE.


Endpoint Ethernet profile: [screenshot vishnu520_1-1741802344339.png]

Result: [screenshot vishnu520_3-1741802435194.png]

Port on Meraki: [screenshot vishnu520_4-1741802510635.png]

Access Policy: [screenshot vishnu520_6-1741802802301.png]

ISE Log: [screenshot vishnu520_7-1741802884767.png]

ISE detailed Log: [screenshot vishnu520_8-1741802960491.png]

When I did a packet capture on port 5:
09:31:12.166075 EAPOL start (1) v1, len 0
09:31:12.166398 EAP packet (0) v1, len 4

 

Can I know what the issue is here and how to troubleshoot this? When replacing the Meraki switch with a Cisco switch, the EAP packets successfully reach ISE.

2 Replies
Mloraditch
Head in the Cloud

Try unchecking the increase access speed option on your policy. This is not supported by ISE. When this is enabled, the switch will send MAB and 802.1X at the same time, and ISE will just process whatever hits it first, and the switch will stop trying to process the other type.

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)#Concurrent_Aut...

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
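
The capture in the question shows an EAPOL-Start (len 0) followed by an EAP packet of length 4. As an added example (not part of any post in this thread), this Python decoder parses EAPOL/EAP headers per IEEE 802.1X and RFC 3748, where a 4-byte EAP packet can only be a Success or Failure, and checks whether an EAP-Request/Identity was ever sent. The function names and sample bytes are constructed for illustration.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}

def decode_eapol(pdu: bytes) -> dict:
    """Decode one EAPOL PDU (the bytes that follow EtherType 0x888E)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + length]          # ignore Ethernet padding after the body
    if len(body) != length:
        raise ValueError("EAPOL body shorter than declared length")
    out = {"version": version, "eapol": EAPOL_TYPES.get(ptype, f"type {ptype}"), "len": length}
    if ptype != 0:                    # Start/Logoff/Key carry no EAP header
        return out
    if length < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > length:
        raise ValueError("bad EAP length")
    out.update(eap=EAP_CODES.get(code, f"code {code}"), id=ident)
    if code in (1, 2):                # only Request/Response carry a Type byte
        if eap_len < 5:
            raise ValueError("Request/Response without a Type byte")
        out["eap_type"] = EAP_TYPES.get(body[4], f"type {body[4]}")
    return out

def identity_requested(pdus) -> bool:
    """True if any PDU is an EAP-Request/Identity from the authenticator."""
    decoded = (decode_eapol(p) for p in pdus)
    return any(d.get("eap") == "Request" and d.get("eap_type") == "Identity" for d in decoded)

# Constructed sample PDUs (not bytes from the poster's capture).
START = bytes.fromhex("01010000")                  # EAPOL-Start, v1, len 0
FOUR_BYTE_EAP = bytes.fromhex("0100000404010004")  # EAP Failure, id 1, len 4
REQ_IDENTITY = bytes.fromhex("010000050101000501") # EAP-Request/Identity, id 1

if __name__ == "__main__":
    for pdu in (START, FOUR_BYTE_EAP, REQ_IDENTITY):
        print(decode_eapol(pdu))
```

The EAP code in `FOUR_BYTE_EAP` is a constructed value; the capture on this page shows only the length, so a hex dump of the frame is needed to tell Success from Failure.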
alemabrahao
Kind of a big deal

Here is documentation with all the steps for integration.

 

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.