The story continues: Have tested it with a MR33 and it fails to work with Microsoft NPS. I've also tried FreeRadius and that works. During the tests I made come captures: This is FreeRadius capture (the only interesting part is the Access-Accept reply from the RADIUS server): This is the NPS reply: Assuming Meraki ignores the other attributes, one thing is different in the Tunnel-Password attribute; NPS is not adding a Tag field in the reply. From the RFC Tag
The Tag field is one octet in length and is intended to provide a
means of grouping attributes in the same packet which refer to the
same tunnel. Valid values for this field are 0x01 through 0x1F,
inclusive. If the value of the Tag field is greater than 0x00 and
less than or equal to 0x1F, it SHOULD be interpreted as indicating
which tunnel (of several alternatives) this attribute pertains;
otherwise, the Tag field SHOULD be ignored. Don't know if this is the case but this might be the reason it is not working.
... View more