Meraki

Community

Cisco ISE & Cisco Meraki Wireless Access Points

Shadius
Building a reputation
‎Nov 11 2021 12:39 PM
‎Nov 11 2021 12:39 PM

Cisco ISE & Cisco Meraki Wireless Access Points

Hi all,

 

I'm having issues with getting Cisco ISE to work with the Cisco Meraki Wireless Access Points.

 

All the access points have been added into Cisco ISE. When testing connectivity to the wireless network a few weeks back, it all worked flawlessly. Now, I am prompted for a username and password and when I enter it, it doesn't connect. While connecting to the wireless network, it will just say "Can't connect to this network." I'm not sure what's going on. Nothing has changed.

 

I have some access points able to communicate with Cisco ISE and some are alerting that it cannot connect.

 

What can I check to begin troubleshooting?

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 11 2021 1:16 PM
‎Nov 11 2021 1:16 PM

Is Cisco ISE seeing the authentication attempts?

If so, does it say that it is allowing or denying them?

0 Kudos
In response to PhilipDAth
Shadius
Building a reputation
‎Nov 11 2021 1:51 PM
‎Nov 11 2021 1:51 PM

@PhilipDAth 

 

So I'm seeing some PermitAccess and others show blank.

 

I just ran the test from the Meraki Dashboard and I see the two access points that are alerting show the Identity as USERNAME and under the Authorization Profiles, it's blank. The access points that went through show my Identity as my username and show PermitAccess for the Authorization Profiles.

0 Kudos
In response to Shadius
Shadius
Building a reputation
‎Nov 12 2021 5:35 PM
‎Nov 12 2021 5:35 PM

I am totally lost with this.

 

Some access points seem healthy and some display alerts with RADIUS.

 

How can it be half and half?

0 Kudos
MilesMeraki
Head in the Cloud
‎Nov 11 2021 1:44 PM
‎Nov 11 2021 1:44 PM

Check the Radius logs/logging on ISE and see if you're getting RADIUS logging attempts. If you are you can troubleshoot based on the error messages.

 

If the logs aren't showing it could be that RADIUS isn't hitting ISE. I'd then look at any firewall/network changes which may have impacted the RADIUS traffic from APs to ISE.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Matlyna
Conversationalist
‎Nov 16 2021 10:09 AM
‎Nov 16 2021 10:09 AM

Did you add them via a range? 

Meraki needs to have each device added individually or you'll get some odd behavior with some users and not all users.

 

Stacked switches need to have each switch added manually. (Can copy another profile; change ip, change hostname)

Add each wireless device individually. (Can copy another profile; change ip, change hostname)

In response to Matlyna
Shadius
Building a reputation
‎Nov 17 2021 2:57 PM
‎Nov 17 2021 2:57 PM

I've added each Cisco Meraki wireless access point into Cisco ISE individually.

0 Kudos
In response to Matlyna
Johnmccsi
Comes here often
‎Dec 8 2021 11:55 AM
‎Dec 8 2021 11:55 AM

Interesting behavior needing to be added individually. What were the issues that you were experiencing with using a Range as a device.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.