"Update the attributes of an SSID" - AP endpoint broken ?

Raphael_M
Here to help

"Update the attributes of an SSID" - AP endpoint broken ?

Hello everyone,

 

I have already opened a case to the support but I want to know if anybody else is facing the same issue.

 

Since last Friday approximately our provisioning scripts (provisioning of networks and SSIDs) keep failing. More precisely they fail when we call the API to create an SSID with WPA-EAP encryption. We get a 400 Bad Request from Meraki with the error message : 'encryptionMode' must be one of: 'wep' or 'wpa'.

 

It used to work perfectly until last Friday and nothing has changed on our side, so I strongly suspect an issue with the API endpoint itself. Has anyone else noticed the same thing recently ?

 

Below is the payload of the request, I obfuscated info related to our RADIUS servers:

{
"name": "Lab O&I - Redwood",
"enabled": true,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "8021x-radius",
"encryptionMode": "wpa-eap",
"wpaEncryptionMode": "WPA2 only",
"radiusServers": [
{
"host": "x.x.x.x",
"port": 1812,
"secret":"xxx"
}
],
"radiusAccountingEnabled": true,
"radiusAccountingServers": [
{
"host": "x.x.x.x",
"port": 1813,
"secret":"xxx"
}
],
"radiusCoaEnabled": false,
"radiusAttributeForGroupPolicies": "Filter-Id",
"radiusFailoverPolicy": null,
"radiusLoadBalancingPolicy": null,
"ipAssignmentMode": "Bridge mode",
"useVlanTagging": true,
"defaultVlanId": 900,
"radiusOverride": true,
"minBitrate": 11,
"bandSelection": "Dual band operation with Band Steering",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"lanIsolationEnabled": false
}

 

7 Replies 7
NolanHerring
Kind of a big deal

If you change it from 'wpa-eap' to just 'wpa' does it work?

Either they changed the value on the back end or you are right, its broked.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
SoCalRacer
Kind of a big deal

Update on 9/19 to the api confirms encryption mode has to be wpa or wep not wpa-eap, but only is valid if authmode = psk.

 

My suggestion remove

"encryptionMode": "wpa-eap",

 

NolanHerring
Kind of a big deal

Where do you see that also cause i can't find release notes showing the month of September =(
Nolan Herring | nolanwifi.com
TwitterLinkedIn
SoCalRacer
Kind of a big deal

Meraki API bot on Webex Teams! Any change to the api is logged in close to real time I believe.

Raphael_M
Here to help

That is exactly what my Meraki SE suggested to me: using the Webex Teams to follow closely what they release on the API sode.

 

Still, I'm a bit pissed off that they don't provide "retro-compatibility" when they modify their APIs, it should be a basic rule.

 

I will try your suggestion (removing the encryptionmode attribute) but I noticed that they have also:

  • Added new attributes that seem to be mandatory
  • Removed the possibility to set some existing attributes to "null"

 

If I find the right modifications in the payload I will share it in this thread.

 

PS : The Webex teams logs does show that they have changed the encryptionmode attribute:

old objects: {'description': "The psk encryption mode for the SSID ('wpa', 'wep' or 'wpa-eap')"}  
new objects: {'description': "The psk encryption mode for the SSID ('wep' or 'wpa'). This param is only valid if the authMode is 'psk'"}
Raphael_M
Here to help

Turns out that this is supposed to be a "one-time error" from Meraki. Their golden rule is that new API releases should not break the structure of existing API requests, which they have failed to achieve in this case.

 

The solution was "simply" to remove the encryptionMode attribute from the request.

milou
Comes here often

Snippet for changing PSK passphrase..
Still running into the same problem, many years later

url = f"{BASE_URL}/networks/{network_id}/wireless/ssids/{ssid_number}"
payload = {
"authMode": "psk",
"encryptionMode": "wpa", #Michael
"wpaEncryptionMode": "WPA2 only", # Setting WPA2 encryption mode
"psk": new_password

nothing works, removing the line

#"encryptionMode": "wpa", #Micke

Or changing to wpa-eap, wpa, wep or wpa...

Still a problem?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels