Dot1X Authentication failes with Cisco AP

New here

Dot1X Authentication failes with Cisco AP



I´m facing some issues with our Cisco AP (C9120AXI-E). When I connect them to our MX68CW Router with configured dot1x it works just fine. But as soon as I disconnect and reconnect the AP the authentication fails.


First connect:



Reconnect of AP:



ISE Log:




So I guess that the RADIUS server (ISE) is configured correctly because of the authentication success of the first plug-in.



Building a reputation

Is that the authentication for client? 

Does your AP have a static IP, or is it DHCP?

Is the AP connected to a controller or is EBW?

Is the policy checking for NAS ID?

I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all... 


and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.