Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Wireless Radius authentication (802.1x)

Kenneth
Getting noticed
‎Oct 2 2019 2:23 AM
‎Oct 2 2019 2:23 AM

Wireless Radius authentication (802.1x)

For a long time now I have testet Jumpcloud as a simple way of providing 802.1x auth. for smaller wireless that does not have AD/NPS available. I\m looking into this for a service aimed at Smaller businesses that still need policy based access to vlans etc. (and no the built in Meraki won't do)

 

But I have found the Jumpcloud service to be very unstable, and if clients are not connected for a while the network just seems to deny access after some time. There are other things also that does not work, but anyways.

Does anyone else know of a free small scale cloud based LDAP service? like Jumpcloud?

0 Kudos
Subscribe
8 Replies 8
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Oct 2 2019 12:06 PM
‎Oct 2 2019 12:06 PM

@Kenneth  Have you opened a support case with Jumpcloud, we use it in the same way you do and haven't seen the issue you mention. 

btr.net.nz
0 Kudos
Subscribe
In response to BlakeRichardson
Kenneth
Getting noticed
‎Oct 2 2019 12:37 PM
‎Oct 2 2019 12:37 PM

Well after testing IronWifi I'm not so sure that the problem i Jumpcloud 🙂 Maybe the problem is between the keyboard and the chair.

0 Kudos
Subscribe
In response to Kenneth
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Oct 2 2019 1:01 PM
‎Oct 2 2019 1:01 PM

@Kenneth  Thanks for the update, let us know what the issue was that way if someone else has the same problem this thread will help them. 

btr.net.nz
0 Kudos
Subscribe
In response to BlakeRichardson
Kenneth
Getting noticed
‎Oct 2 2019 1:34 PM
‎Oct 2 2019 1:34 PM

I will be testing IronWifi for some time now and see how that goes. But I can describe the problems I've had fairly simple.

 

1. Afters some time several clients will be denied access even with correct credentials. This is totally random in the infrastructure over both iOS, Android, ChromeOS and MS, at this point even a clean install won't help. (thought it was a certificate problem.

 

2. And this is more a bug in Meraki I think. If you block a client with the radius enabled, and then choose to forget the client, it will still be denied - and the only option seems to be to purchase a new network adapter / or change MAC adress ! clean install, 7 days waiting time even did not help, the client was unable to connect.

I'll post an update as to these problems and IronWifi.

0 Kudos
Subscribe
In response to Kenneth
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 3 2019 12:18 PM
‎Oct 3 2019 12:18 PM

> and then choose to forget the client,

 

You would want to remove the "block" group policy and set it back to "normal".

0 Kudos
Subscribe
In response to PhilipDAth
Kenneth
Getting noticed
‎Oct 4 2019 4:26 AM
‎Oct 4 2019 4:26 AM

Problem is that when forgetting a client one can not change policy.

 

UPDATE: after a few days with IronWifi same problem appears, No internet/no possibility of connecting to the SSID with the 802.1x auth.

 

Also with IronWifi the clients keept disconnecting from the network and needed repeated re-auth.

0 Kudos
Subscribe
In response to Kenneth
Kenneth
Getting noticed
‎Dec 30 2019 3:29 AM
‎Dec 30 2019 3:29 AM

Well I've tried IronWifi now since october and it has proven more stable than JumpCloud, but still IoS devices in spesific seem to struggle from time to time with auth. Win clients have no problem, so this is not the fault of IronWifi. It seems that the clients on IoS from time to time want to "forget" the network and download cert. again to allow access.

Also as a slight heads up, ChromeOS needs manual "add wifi" to work. Just standard SSID / EAP-TLS / etc. but still needs to be set up manually or it does not work.
0 Kudos
Subscribe
In response to Kenneth
DHAnderson
Head in the Cloud
‎Mar 14 2021 1:06 PM
‎Mar 14 2021 1:06 PM

I have several clients using JumpCloud Radius authentication over Meraki access points.

 

I have not seen the problem you have mentioned.  One thing to check is that the WAN IP address is the same address specified in the JumpCloud Radius settings.

 

Also, you can test the Radius authentication in the Access Control settings for the SSID.

 

Dave Anderson
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.