Meraki Community

RaphaelL · ‎Aug 19 2024

Hi ,

Last week on 3 different networks I had 20+ APs that were down. The switchport had the error : SecurePort authentication failure

After taking packet captures , I noticed that the certificate of the APs were expired :

I had to reboot the APs like 10 times to get them working :

Couldn't find anything in the recent firmware that could explain that.

I'm running old MS and MR firmware due to multiple unsolved bugs.

Anyone ever experienced that ?

GIdenJoe · ‎Aug 19 2024

I haven't used that feature yet.
I prefer having my AP's on their own VLAN.

From what you are describing is that the AP's do not automatically renew their certs when they have a long uptime.

RaphaelL · ‎Aug 19 2024

That seems to be the case. Support might have mentionned that this has been reported in the past.

The APs are in their own mgmt vlan. However SecurePort is the only way to enable 802.1X on a trunk port 😞

thomasthomsen · ‎Aug 19 2024

In theory the new smart-port feature should sooonish support dot1x override port config ... as far as I know.

Then it should be possible with your standard radius server of choice.

But I have never had AP with secure-port quit on me before, perhaps I have just updated (rebooted) them more often, and they have just renewed their cert then ?

PhilipDAth · ‎Aug 19 2024

Well done tracking that fault down! That would have needed a very keen eye.

Meraki Community

SecurePort Auth failure - MR certificate is expired

SecurePort Auth failure - MR certificate is expired