cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Network Printer / 802.1x / Radius no connection

SOLVED
Highlighted
Here to help

Network Printer / 802.1x / Radius no connection

Good morning all,

 

I have been working on this for a few days and I just cant figure it out.  I am hoping someone on here might be able to point me in the right direction before I put a ticket in.  I will try and lay this out as completely as possible.

 

I am testing Meraki and 802.1x in a lab environment.  As of right now I have a MS120-24P Meraki Switch connected to a Cisco 887A Router and the switch is pointed at a Radius server.  Now I have successfully created an access policy for 802.1x and successfully tested it on the switch and an MR42 Meraki AP.  I am now trying to test out other devices that we have in our branch offices like printers.  At the moment I have a Lexmark MS410DN printer connected directly to the switch.  When the port is "open" (access port) I can see the printer, it is in the appropriate vlan and we can print from it.  However, my problem is when I apply the access policy to the port then the printer is placed in vlan 10 (guest network) and we can no longer see it.  For some reason it is not communicating with the radius server.  In radius I have added it as a client by both MAC address and static IP, in AD there is a group that has the MAC address of the printer.  I have included one of our systems guys to walk through the radius 802.1x config wizard with me and no matter what we do we can get the printer to go from vlan 10 to vlan 1 and be visible on the network by being authenticated with radius.  If anyone has encountered this problem please let me know what you did to fix it.  Much appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Conversationalist

Re: Network Printer / 802.1x / Radius no connection

You may have to do MAC address bypass, and just whitelist the mac address of the printer.

Jeff

10 REPLIES 10
Kind of a big deal

Re: Network Printer / 802.1x / Radius no connection

What do you have the access policy type set to? It will need to be either MAB or Hybrid.

 

image.png

Here to help

Re: Network Printer / 802.1x / Radius no connection

Jdsilva,

 

I created a 2nd access policy this one being a Hybrid and placed it on the port with the printer.  It was still rejected by Radius. 

 

Thanks,

 

Jeremy

Kind of a big deal

Re: Network Printer / 802.1x / Radius no connection

What do the Event Logs in the Dashboard say? What do the RADIUS logs say?

Here to help

Re: Network Printer / 802.1x / Radius no connection

Jdsilva,

 

Ok so in the event log for the dashboard it just says Radius authentication rejected

 

On my Radius server I am getting event 6273 reason code 65 so I am investigating that at the moment.  There is some small detail that I am over looking. 

Kind of a big deal

Re: Network Printer / 802.1x / Radius no connection

Woohoo progress!

 

It could be something as stupid as the format of the MAC being sent. xx:xx:xx:xx:xx:xx instead of xxxx.xxxx.xxxx for example. I'm not familiar with that RADIUS error so that's just speculation. 

Here to help

Re: Network Printer / 802.1x / Radius no connection

tell me about it!

 

It looks like it could be the dial-in properties in the AD user account so we are checking this to see if it is set to deny or allow.  I'll let you know if that produces any results.

Here to help

Re: Network Printer / 802.1x / Radius no connection

That is a no go!
Kind of a big deal

Re: Network Printer / 802.1x / Radius no connection

FYI, when I do wired 802.1x I make sure the client gets printers with native 802.1x support, so they log in like everything else. It makes life much easier.

Conversationalist

Re: Network Printer / 802.1x / Radius no connection

You may have to do MAC address bypass, and just whitelist the mac address of the printer.

Jeff

Here to help

Re: Network Printer / 802.1x / Radius no connection

Jeff,

 

So I was working on this problem this morning and created a third access policy...Mac Address Bypass but also I found in my radius server that under client IPv4 address I had put in the IP of my printer instead of my switch.  Now it all works as it should.   Thank you all for your ideas and help...this problem is solved!!!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.