Meraki

Hari8370

We use EAP-based authentication for wired clients on MS225 switches. However, random clients fail to authenticate at unpredictable times.

Packet captures show no EAP traffic, but the switch logs indicate rejection events. Replugging the cable or cycling the port allows the device to authenticate successfully.

Any ideas on what might be causing this issue? Our NPS is deployed on Windows Server 2022.

cmr

What is the path from the MS225s to the NPS and the cloud? Are the MS225s and the NPS on the same site and are all MS225s affected?

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Hari8370

NPS and MS225s are on same site.
Most of the switches are having this issue but please note that the issue is intermittent.

alemabrahao

Take a look at the troubleshooting guide.

802.1X authentication issues troubleshooting - Windows Client | Microsoft Learn

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Main10ence

Hello @Hari8370,

Do you have any server-side errors that correlate to the "failed" event seen on the switch port? Also, have you checked the event log on the Dashboard? There may be good information there.

.ılı.ılı. Cisco Meraki
Network Support Engineer

"The future favors the bold."

Meraki

Community

Sporadic radius authentication failure for wired clients

Sporadic radius authentication failure for wired clients