AD test connection error
To set up 802.1X PEAP-MSCHAP, it is mandatory to have a CA in Meraki.
I decided to build a connector against AD.
I built a user connector with administrative privileges.
And a user for testing.
This SSID is in bridge mode and tags the corporate VLAN.
My client doesn't have an MX; they also have wireless.
The test is wrong, any idea?
First point to correct: a CA is not mandatory in Meraki, it is the way 802.1X works. That is, for any other vendor it is necessary to have a CA.
Second point, are you sure the communication port is correct?
Please, if this post was useful, leave your kudos and mark it as solved.
Hi @alemabrahao, thanks for your reply. You can deploy 802.1X with NPS authentication (EAP-MSCHAPv2) without a CA.
Wrong, you cannot; it's a requirement for 802.1X. Please read the documentation.
Please, if this post was useful, leave your kudos and mark it as solved.
By the way, for Sign-on with AD it is necessary to have a CA.
Configuration and Requirements
In order to configure a splash page with Active Directory authentication, configuration steps must be completed on both Dashboard and Active Directory, outlined below:
Active Directory Configuration
The following requirements must be configured on each AD server being used for authentication:
- Every AD server specified in Dashboard must hold the Global Catalog role. Please refer to Microsoft documentation for specific configuration steps.
- Since communication between the MR and AD server will be encrypted using TLS, a valid certificate with the appropriate parameters must be configured on the server.
  - If no certificate is present, it will be necessary to install a Self-Signed certificate.
  - If a certificate already exists, please ensure that it has been configured with the necessary parameters for TLS.
- The MR will communicate from its LAN IP with each AD server over TCP port 3268, so ensure that no firewalls or ACLs on the network or server will block that communication.
When Active Directory authentication is configured, the MR queries the Global Catalog over TCP port 3268. Therefore the Active Directory server (Domain Controller) specified in Dashboard must also hold the Global Catalog role.
Please, if this post was useful, leave your kudos and mark it as solved.
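The requirements quoted in the post above (TCP 3268 reachable, TLS available, a certificate installed on the server) can be checked from a host on the same VLAN as the AP. This is an added example, not part of the original thread or of Meraki's tooling; it assumes the TLS session on port 3268 is negotiated with LDAP StartTLS (the quoted text only says TLS over TCP 3268), and `check_gc` and its arguments are hypothetical names.

```python
import hashlib
import socket
import ssl
import sys

# LDAPv3 StartTLS extended request (RFC 4511), messageID 1.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
STARTTLS_REQ = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + STARTTLS_OID


def _tlv(buf, i):
    """Read one BER element at offset i (short or long-form length)."""
    tag, n = buf[i], buf[i + 1]
    i += 2
    if n & 0x80:                      # long form: next k bytes hold the length
        k = n & 0x7F
        n = int.from_bytes(buf[i:i + k], "big")
        i += k
    return tag, buf[i:i + n], i + n


def starttls_result(resp):
    """Return the LDAP resultCode of an ExtendedResponse (0 = success)."""
    _, msg, _ = _tlv(resp, 0)         # LDAPMessage SEQUENCE
    _, _, i = _tlv(msg, 0)            # messageID
    tag, body, _ = _tlv(msg, i)       # protocolOp
    if tag != 0x78:                   # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, rc, _ = _tlv(body, 0)          # resultCode ENUMERATED
    return int.from_bytes(rc, "big")


def check_gc(host, port=3268, timeout=5):
    """Check TCP reachability, StartTLS support and certificate presence."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(STARTTLS_REQ)
        rc = starttls_result(sock.recv(4096))
        if rc != 0:                   # server refused to start TLS
            return {"reachable": True, "starttls": rc, "cert_sha256": None}
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False    # diagnostic only: the quoted text allows
        ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"reachable": True, "starttls": 0, "tls": tls.version(),
                    "cert_sha256": hashlib.sha256(der).hexdigest()}


if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_gc(sys.argv[1]))
```

A refused or timed-out connection raises `OSError`, which points at the firewall or ACL requirement rather than the certificate one.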
If you recall, I asked you how to deploy 802.1X around a month ago, roughly. You responded that it was impossible without a CA, so I deployed Sign-on with AD at another client, which works well even though the client lacks a CA.
