We are implementing an OPSWAT NAC to secure our wired and wireless network (wireless moving from Windows RADIUS).
We have set up a test SSID and have been able to authorise clients successfully, and they get the assigned VLAN in the group policy assigned.
The issue we have now is that we have added a test Meraki AP (MR44) to be authenticated at a MAC level to OPSWAT, which is successful, but when clients connect to the SSID on this AP they no longer get an IP: successful EAP auth but no IP.
The port the AP is connected to is a trunk and all the VLANs are allowed.
Am I missing something?
What AP was working before for the test SSID?
Yes, the AP was working fine with all current SSIDs and the test one, i.e. clients being authorised and getting IPs.
Since changing to auth the AP MAC against OPSWAT, clients fail to get an IP.
Are you saying that you are doing wired authentication on the switch port that the AP plugs into?
Yes, the Meraki AP is authorised via the wired port based on its MAC, then we need to do 802.1x auth for wireless clients connected to the Meraki AP.
Switches are Dell N series
Port config as below
storm-control broadcast level 10
storm-control multicast level 10
description "***AP***"
spanning-tree portfast
switchport mode trunk
switchport trunk native vlan 20
switchport trunk allowed vlan 20,25
authentication host-mode multi-auth
authentication max-users 10
authentication periodic
dot1x timeout tx-period 120
dot1x timeout server-timeout 60
mab
authentication order mab dot1x
Is the SSID operating in bridge mode?
If it is, you must look closely at the switch port. It sounds like something about the process is not allowing the client.
Could it be that you are only allowing up to 10 users on the switch port?
Perhaps you could remove that, or increase it to a large number?
Not even working for a single device; ring-fenced testing to a single device.
What does the switch log say?