iOS and WPA-2 Enterprise with RADIUS

cjhaas
New here


We're using RADIUS for authentication in our WPA-2 enterprise environment and are running into issues where iOS devices (so far iPhones and iPads) are forced to re-enter their credentials fairly often. It seems that this happens whenever a device roams to another network (home wi-fi, coffee shop, etc.). I've personally noticed it with my device, but I also tend to reboot, which I thought was the issue, but other users have started to complain now, too. All other clients (desktops, laptops, Windows, Mac, Raspberry Pis) are working and can roam without issue. None of the iOS devices have enterprise profiles loaded, they're just stock. We followed the Meraki Guide for RADIUS/WPA-2 pretty much exactly as far as I can tell. Is this a known issue and is there a solution?

PhilipDAth
Kind of a big deal

I have not seen this issue before.

When the user is getting prompted for their password again - do you see anything in the RADIUS log? It may be that the RADIUS server is rejecting the authentication attempt, forcing the client to ask for a username/password again.

Hi Philip, in the Meraki event log I'm seeing "previous authentication expired" for iOS devices (and only iOS devices) occasionally and I'm 99% sure that those times correspond to this issue but I'll need to sit and monitor for this to happen to be 100% sure. I'll update this post if/when I confirm this.

Thanks,
Chris
PhilipDAth
Kind of a big deal

Are you using PEAP with MSCHAPv2, or some other kind of authentication?

It appears that we didn't have that authentication method set up. We've just turned that on and I'll update this post (probably tomorrow) with results. Thanks Philip!
PhilipDAth
Kind of a big deal

What authentication method were you using?

Unfortunately I don't know a lot about NPS in Windows, I'm an admin by default!

When I go to edit our settings, under Authentication Methods the "Override network policy" wasn't checked so I'm not really sure what was being used. Is there a default for Windows 2008 R2?
PhilipDAth
Kind of a big deal

Your settings should look something like this:

[Image: Screenshot from 2018-01-09 10-43-24.png]

Thanks again Philip, that's what we changed them to