Meraki

Community

Wi-Fi client getting credential pop up 3-4 times a day

Devendra_Rajput
Just browsing
yesterday
yesterday

Wi-Fi client getting credential pop up 3-4 times a day

All users at site are getting WiFi credential pop up 3-4 times a day. we are using MS chap v2.

 

Devendra_Rajput_0-1771321155766.png

 

Labels:
0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Are you using an external RADIUS server, the one from Meraki?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Devendra_Rajput
Just browsing
yesterday
yesterday

Cisco ISE on Azure

0 Kudos
In response to Devendra_Rajput
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Check the session timeout on the policy result.

 

Cisco ISE default session timeout is 7200 seconds (2 hours), often managed via RADIUS attributes to force re-authentication. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

How is the session timeout configured?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
yesterday
yesterday

The main question is how you want to have it? When you write "MS-Chapv2", I assume that you are using 802.1X with PEAP here. The best way would be to go paswordless with certificates. With username/password there are multiple options how your supplicant can be configured:

  • Ask for credentials on every connect (which is likely what you have now)
  • Use Single Sign On with the AD credentials which can be cached for later authentications
  • Use stored credentials for the Authentication.

How should it be?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Devendra_Rajput
Just browsing
yesterday
yesterday

  • Use Single Sign On with the AD credentials which can be cached for later authentications
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Maybe a year ago, Microsoft changed Credential Guard to block SSO for MSCHAPv2.  What you are seeing is now the expected behaviour.

 

You need to migrate to certificates to stop this.

 

https://www.keytos.io/blog/cloud-security/microsoft-disabled-ms-chapv2-for-network-sso-credential-gu...

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2026 Cisco Systems, Inc.