Wireless Radius authentication (802.1x)

Kenneth
Getting noticed

Wireless Radius authentication (802.1x)

For a long time now I have testet Jumpcloud as a simple way of providing 802.1x auth. for smaller wireless that does not have AD/NPS available. I\m looking into this for a service aimed at Smaller businesses that still need policy based access to vlans etc. (and no the built in Meraki won't do)

 

But I have found the Jumpcloud service to be very unstable, and if clients are not connected for a while the network just seems to deny access after some time. There are other things also that does not work, but anyways.

Does anyone else know of a free small scale cloud based LDAP service? like Jumpcloud?

8 Replies 8
BlakeRichardson
Kind of a big deal
Kind of a big deal

@Kenneth  Have you opened a support case with Jumpcloud, we use it in the same way you do and haven't seen the issue you mention. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Kenneth
Getting noticed

Well after testing IronWifi I'm not so sure that the problem i Jumpcloud 🙂 Maybe the problem is between the keyboard and the chair.

BlakeRichardson
Kind of a big deal
Kind of a big deal

@Kenneth  Thanks for the update, let us know what the issue was that way if someone else has the same problem this thread will help them. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Kenneth
Getting noticed

I will be testing IronWifi for some time now and see how that goes. But I can describe the problems I've had fairly simple.

 

1. Afters some time several clients will be denied access even with correct credentials. This is totally random in the infrastructure over both iOS, Android, ChromeOS and MS, at this point even a clean install won't help. (thought it was a certificate problem.

 

2. And this is more a bug in Meraki I think. If you block a client with the radius enabled, and then choose to forget the client, it will still be denied - and the only option seems to be to purchase a new network adapter / or change MAC adress ! clean install, 7 days waiting time even did not help, the client was unable to connect.

I'll post an update as to these problems and IronWifi.

PhilipDAth
Kind of a big deal
Kind of a big deal

> and then choose to forget the client,

 

You would want to remove the "block" group policy and set it back to "normal".

Kenneth
Getting noticed

Problem is that when forgetting a client one can not change policy.

 

UPDATE: after a few days with IronWifi same problem appears, No internet/no possibility of connecting to the SSID with the 802.1x auth.

 

Also with IronWifi the clients keept disconnecting from the network and needed repeated re-auth.

Kenneth
Getting noticed

Well I've tried IronWifi now since october and it has proven more stable than JumpCloud, but still IoS devices in spesific seem to struggle from time to time with auth. Win clients have no problem, so this is not the fault of IronWifi. It seems that the clients on IoS from time to time want to "forget" the network and download cert. again to allow access.

Also as a slight heads up, ChromeOS needs manual "add wifi" to work. Just standard SSID / EAP-TLS / etc. but still needs to be set up manually or it does not work.
DHAnderson
Head in the Cloud

I have several clients using JumpCloud Radius authentication over Meraki access points.

 

I have not seen the problem you have mentioned.  One thing to check is that the WAN IP address is the same address specified in the JumpCloud Radius settings.

 

Also, you can test the Radius authentication in the Access Control settings for the SSID.

 

Dave Anderson
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels