Portnox NAC incompatibility issue

Adam_F
Here to help

Just a heads up to all my fellow folks. I ran into a compatibility issue between Portnox cloud RADIUS and the Meraki RADIUS implementation.

The problem:

Meraki likes to send Meraki_8021x_test RADIUS requests to test if the server is alive/up (identity is Meraki_8021x_test and no password).

Portnox likes to take those requests and throw them in the trash and not provide any response, so Meraki thinks the server is dead and will continue to hammer Portnox with more of them. Portnox will fill its alert system with access attempts (invalid shared secret).

This is one of those issues where the two companies' engineers would need to collaborate in order to play nice with each other, but getting both sides to do so is impossible.

The issue affects Portnox Cloud RADIUS only. Portnox local RADIUS is working properly and sending rejection/response.

What Meraki can do to fix: Give me the ability to configure a password for the Meraki_8021x_test identity (unlikely to happen).

What Portnox can do to fix: Respond with a rejection; don't just discard.

alemabrahao
Kind of a big deal

Have you tried reaching out to both support teams to see if there's any workaround or upcoming fix?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Adam_F
Here to help

I tried for a solid month, opening cases with both Meraki and Portnox. I didn't get any upcoming fix; it seemed they wanted to blame their Azure hosting as blocking it, but clearly that isn't the case because of the "invalid shared secret" attempts being logged. Their workaround was to use Portnox local RADIUS as the primary RADIUS (which, yes, works, but does not fix the cloud RADIUS).

On Meraki's side, while helpful, no workaround or upcoming fix.
