Meraki 802.1x authentication with Cisco ISE

Richard-Tapp
Conversationalist


We are currently testing Cisco ISE for 802.1x wireless authentication.

When it uses the default port 1700 on both the ISE and SSID, it fails with an ISE log message of

11052 Authentication request dropped due to unsupported port number.

I can see in Wireshark that it is being sent 1700 from the AP and the log says it is sending 1700 as well.

Oddly, if we set both sides to 1814, we don’t get a logged error message, but the test in the Meraki portal still fails.

Also, I noticed the framed MTU is 1400. We normally set this to 1344 in our NPS server, and I was wondering if we still need to use the NPS for some functions of this authentication.

alemabrahao
Kind of a big deal

Here you have a detailed document on how the integration is done. I hope it helps you.

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

Another detail about port 1700 is that it is used for CoA.

See the list of ports and what they are used for.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/install_guide/b_ise_InstallationGuide30/b_ise...

AxL1971
A model citizen

We have been using ISE to authenticate wireless and wired clients for the past 5 years, and these are the ports set up:

1812 for RADIUS

1813 for accounting
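
A check that follows from the replies above, as an added example that is not part of the original thread or of any Cisco or Meraki tooling: it reads the RADIUS code from a captured UDP payload and compares it with the role of the destination port (1812 authentication, 1813 accounting, 1700 CoA, as stated in the replies). The function names and the header-only sample packets are constructed for illustration.

```python
import struct

# RADIUS request codes (RFC 2865, 2866, 5176) grouped by the service that accepts them.
AUTH, ACCT, COA = "authentication", "accounting", "CoA"
CODE_ROLE = {1: AUTH, 4: ACCT, 40: COA, 43: COA}
CODE_NAME = {1: "Access-Request", 4: "Accounting-Request",
             40: "Disconnect-Request", 43: "CoA-Request"}

# Port roles as given in the thread's replies (assumption: adjust to the deployment).
PORT_ROLE = {1812: AUTH, 1813: ACCT, 1700: COA}


def parse_header(payload: bytes):
    """Return (code, identifier, length) from a RADIUS UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field inconsistent with payload size")
    return code, ident, length


def check(dst_port: int, payload: bytes) -> str:
    """Compare the request type with the role of the destination port."""
    code, _, _ = parse_header(payload)
    want = CODE_ROLE.get(code)
    have = PORT_ROLE.get(dst_port)
    name = CODE_NAME.get(code, f"code {code}")
    if want is None:
        return f"ignored: {name} is not a request type"
    if have is None:
        return f"mismatch: {name} sent to unlisted port {dst_port}"
    if want != have:
        return f"mismatch: {name} sent to {have} port {dst_port}"
    return f"ok: {name} on {have} port {dst_port}"


def sample(code: int) -> bytes:
    """Constructed header-only packet: code, id 1, length 20, zero authenticator."""
    return struct.pack("!BBH", code, 1, 20) + bytes(16)


if __name__ == "__main__":
    # Constructed cases: the two port settings from the question plus 1812/1813.
    for port, code in [(1700, 1), (1814, 1), (1812, 1), (1813, 4)]:
        print(port, check(port, sample(code)))
```

To use it on real traffic, pass the UDP destination port and payload bytes exported from a capture of the AP-to-ISE exchange.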
