Microsoft NPS, TLS 1.2, older MRs. Trying to clear up some confusion.

Solved
clopez

So we're having a hit-or-miss experience recently.

If I am understanding this correctly, Windows 10 (22H2) / 11 are now defaulting to TLS 1.2 (or maybe even 1.3) and this is causing authentication issues when communicating/trying to auth with the old RADIUS server.

It seems I can just add the reg key to force the server to use TLS 1.2, but the MRs themselves don't support TLS 1.2. Does that affect clients as well, or does that only affect the RADIUS testing the MR does (there's a checkbox for this)?

Am I safe to enable TLS 1.2 on the server side to resolve Windows client issues or do I have to force Windows Client to use 1.0 (via a GPO or MDM) or replace MRs?

1 Accepted Solution
KarstenI

For “real” authentication the MR just forwards the TLS communication that is encapsulated in EAP between the client (supplicant) and the NPS (authentication server). The MR (authenticator) does not need to understand this communication.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
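
The pass-through described in the answer above, as an added example that is not part of the original post and not Meraki or Microsoft code: the authenticator copies the EAP packet into RADIUS EAP-Message attributes without parsing it, and only the server side reads the TLS ClientHello. The function names are hypothetical and the PEAP packet is a constructed sample.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type for EAP-Message (RFC 3579)
TLS_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def authenticator_wrap(eap: bytes) -> bytes:
    """Authenticator role: copy the EAP packet, unparsed, into RADIUS
    EAP-Message attributes of at most 253 value bytes each."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    return b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)

def server_unwrap(attrs: bytes) -> bytes:
    """RADIUS server role: concatenate the EAP-Message values in order."""
    eap, i = b"", 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        if attrs[i] == EAP_MESSAGE:
            eap += attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return eap

def client_hello_version(eap: bytes) -> str:
    """Read the ClientHello version field from an unfragmented EAP-TLS or
    PEAP response. A TLS 1.3 hello also reports 0x0303 in this field."""
    if len(eap) < 6:
        raise ValueError("short EAP packet")
    code, _ident, length, etype, flags = struct.unpack("!BBHBB", eap[:6])
    if code != 2 or etype not in (13, 25):  # 2 = Response; 13 = EAP-TLS, 25 = PEAP
        raise ValueError("not an EAP-TLS/PEAP response")
    if flags & 0x40:  # M flag: more fragments follow
        raise ValueError("fragmented EAP message; reassemble first")
    tls = eap[10:length] if flags & 0x80 else eap[6:length]  # L flag adds a 4-byte length
    if len(tls) < 11 or tls[0] != 22 or tls[5] != 1:  # handshake record, ClientHello
        raise ValueError("no ClientHello in this EAP packet")
    version = struct.unpack("!H", tls[9:11])[0]
    return TLS_NAMES.get(version, hex(version))

def constructed_peap_response(version: int = 0x0303) -> bytes:
    """Constructed sample: minimal ClientHello inside a PEAP EAP-Response."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    record = b"\x16\x03\x01" + struct.pack("!H", len(body) + 4) + b"\x01" + len(body).to_bytes(3, "big") + body
    data = b"\x80" + struct.pack("!I", len(record)) + record  # L flag + TLS length
    return struct.pack("!BBHB", 2, 1, 5 + len(data), 25) + data

if __name__ == "__main__":
    radius_attrs = authenticator_wrap(constructed_peap_response())
    print(client_hello_version(server_unwrap(radius_attrs)))
```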
