Meraki

clopez · ‎Jul 7 2023

So we're having hit or miss experience recently.

If I am understanding this correctly Windows 10(22H2) / 11 are now defaulting to TLS 1.2 (or maybe even 1.3) and this is causing authentication issues when communicating/trying to auth with the old RADIUS server.

It seems I can just add the reg key to force the server to use TLS 1.2 but the MRs themselves dont support TLS 1.2. Does that affect clients as well or does that only affect the RADIUS Testing the MR does (theres a checkbox for this)

Am I safe to enable TLS 1.2 on the server side to resolve Windows client issues or do I have to force Windows Client to use 1.0 (via a GPO or MDM) or replace MRs?

KarstenI · ‎Jul 7 2023

For “real” authentication the MR just forwards the TLS communication that is encapsulated in EAP between the client (supplicant) and the NPS (authentication server). The MR (authenticator) does not need to understand this communication.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

KarstenI · ‎Jul 7 2023

For “real” authentication the MR just forwards the TLS communication that is encapsulated in EAP between the client (supplicant) and the NPS (authentication server). The MR (authenticator) does not need to understand this communication.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Meraki

Community

Microsoft NPS, TLS 1.2, older MRs. Trying to clear up some confusion.

Microsoft NPS, TLS 1.2, older MRs. Trying to clear up some confusion.