ISE certificate MR36 and MR44

Gunnel
Comes here often


Hi all!

 

We have networks mixed with Cisco Classic switches and Meraki APs. In one of them there are issues with one of the SSIDs. One C2960 switch is connected to MR44 APs and one C9200 is connected to MR36 APs (both with version 30.6). It is not possible for computers that are not company owned and for phones (regardless of owner) to log in to the main SSID; they do fine on our guest SSID, however. We suspect trouble with the ISE certificate. Usually when you log on to our main SSID your phone would ask you if you trust this certificate; this no longer happens on our main SSID in this particular network. It used to work well. The log sometimes complains about CoA, sometimes about DHCP and sometimes about RADIUS. Any ideas?

alemabrahao
Kind of a big deal

Your SSID is probably configured to authenticate using a certificate, so only machines that are in the domain can authenticate, as they have the certificate installed on the machine.

To resolve this issue, you need to install the certificate on devices that are not part of the domain manually.

 

I don't know if you have mastery of ISE, but it would be interesting to request support from someone who has good knowledge of ISE.

It's not complex at all, but you need to have a minimum of knowledge.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

It works fine in all of our other subnets so it can't be that. 

 

When you connect to WiFi for the first time it asks you to accept the certificate but on this particular subnet that stopped happening a few weeks ago. I've looked in the ISE log and it complains about the client not responding. 
