Reauthentication in EAP (EAP-TLS or PEAP-MSChapv2)

alextsang010778
Here to help

Reauthentication in EAP (EAP-TLS or PEAP-MSChapv2)

Hi all

 

In Wired dot1x, we can configure the reauthentication timer in the suppliant to reauthentication after a certain period of time, so anyone know if we can do the same in Meraki in Wireless AP with dot1x authentication? Say reauthenticate the WIFI client running EAP-TLS every 24 hours?

 

Best regards

 

Alex

6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal

Once the Wireless network is saved in the device, the credentials are saved, with no need for reauthentication.

The timer itself is something that is configured on the Radius server, but it is more common to apply on the wired network, I have never seen it work on wireless networks, usually, when reauthentication is required for an X period of time it is more common to use authentication via captive portal.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alextsang010778
Here to help

Other WIFI manufacture implemented reauthentication timer, so the AP will perform reauthentication to the client when timer expired. So we would like to know if Meraki also has this timer? or it has a default reauthentication timer?

alemabrahao
Kind of a big deal
Kind of a big deal

You can find EAP timers on advanced Radius settings, but it does not have a reauthentication timer.

 

alemabrahao_0-1677339933709.png

 

 
 
 

 

 
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alextsang010778
Here to help

I checked already, but no luck, so want to see any expert here know to configure the reauthentication timer or any default value of the reauthentication in Meraki.

alemabrahao
Kind of a big deal
Kind of a big deal

Unfortunately, It's not possible buddy. This is I'm trying to say.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

 

maybe using CoA is an option. Take a look at the article.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Change_of_Authorization_with_RADIU...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels