Dot1X Authentication failes with Cisco AP

Philipp1
New here

Dot1X Authentication failes with Cisco AP

Hi,

 

I´m facing some issues with our Cisco AP (C9120AXI-E). When I connect them to our MX68CW Router with configured dot1x it works just fine. But as soon as I disconnect and reconnect the AP the authentication fails.

 

First connect:

Philipp1_0-1625734927708.png

 

Reconnect of AP:

Philipp1_1-1625734963401.png

 

ISE Log:

Philipp1_2-1625735365023.png

 

 

So I guess that the RADIUS server (ISE) is configured correctly because of the authentication success of the first plug-in.

 

 

1 REPLY 1
RomanMD
Getting noticed

Re: Dot1X Authentication failes with Cisco AP

Is that the authentication for client? 

Does your AP have a static IP, or is it DHCP?

Is the AP connected to a controller or is EBW?

Is the policy checking for NAS ID?

I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all... 

 

and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.