Meraki

Community

Dot1X Authentication failes with Cisco AP

Philipp1
New here
‎Jul 8 2021 2:09 AM
‎Jul 8 2021 2:09 AM

Dot1X Authentication failes with Cisco AP

Hi,

 

I´m facing some issues with our Cisco AP (C9120AXI-E). When I connect them to our MX68CW Router with configured dot1x it works just fine. But as soon as I disconnect and reconnect the AP the authentication fails.

 

First connect:

Philipp1_0-1625734927708.png

 

Reconnect of AP:

Philipp1_1-1625734963401.png

 

ISE Log:

Philipp1_2-1625735365023.png

 

 

So I guess that the RADIUS server (ISE) is configured correctly because of the authentication success of the first plug-in.

 

 

0 Kudos
1 Reply 1
RomanMD
Building a reputation
‎Jul 13 2021 7:39 AM
‎Jul 13 2021 7:39 AM

Is that the authentication for client? 

Does your AP have a static IP, or is it DHCP?

Is the AP connected to a controller or is EBW?

Is the policy checking for NAS ID?

I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all... 

 

and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.