Hi Everyone     This technically works if all antennas are the same. (using that antenna)   However, you would lose 5Ghz band which is a big drawback.   You can find more info 🙂 https://documentation.meraki.com/MR/Other_Topics/Frequently_Asked_Questions_regarding_Cisco_Meraki_Antennas   You should never use single-band antennas on a dual-band antenna port. It will work only for that single band and you will have bad behaviors everywhere else. All antennas in these kind of APs should be the same.     ... View more

Yes, captive portal failover on WLCs i think.   We do not support that behavior yet, it is on our roadmap to do it that way but not yet.   What it can be done right now, is the group policy to bypass the captive portal for the clients you desired, and keep the regular behavior (captive portal) for everything else.   You can create a rule on your radius if the mac auth is found, accept and send the bypass group policy, if it is not on your mac valid clients, accept and get to the captive portal without a group policy.   It is adding an attribute for the group policy result. Let me know if this helps ... View more

Hi there, so if you receive in L2 auth (mac based in this case) an access reject the authentication will fail and it will stop at that point.   If you have configured guest vlan, when the reject happens the client will be placed into the defined vlan there, but no splash auth will be presented. If you get an access accept then it will move forward to L3 authentication (captive portal), at least i think this will happen i have not tested this in a while.   In order to bypass the portal you could apply a group policy on the accept for it to not show the splash portal. For what I remember you cannot have right now a splash page if authentication fails as a backup method. I will dig into this and update soon. ... View more

Hi James, Unfortunately, the information and use-case it is internal only.   We can use the feature with this limitation, 🙂 ... View more

Well not useless right, we will honor the default called-station-id stated in documentation when using proxy. We are giving the ability to still customized NAS-ID, which can be used the same way in RADIUS for rules.   Admins would just have to change the attribute they are using.   But yes, customizing called-station-id with proxy radius is not supported. We are one of few if not the only that allow this 🙂 ... View more

verified and add it to documentation.   We do not support a customize called-station-id with proxy, since we in fact use it.  ... View more

I am trying to repro this, could you tell me which authentication are you using?   all the config is done on the new access control page, right?     ... View more

Hi James, that is interesting, i think we should be able to send both, but let me confirm and will get back to you, thank you for bringing this up! ... View more

Updated, I am not mentioning all the new attributes that are sent since this would not be compliant with other documentation, however, they will not affect the behavior (most likely depending on your rules) on the RADIUS auth. ... View more

I will update our documentation in a moment for this default behavior. 🙂   You will be able to find it here:   https://documentation.meraki.com/MR/Access_Control/MR_Meraki_RADIUS_2.0 ... View more

Hi There   That is right, we consolidated all attributes to have consistency among authentication as for RADIUS attributes, so you should see the new ones, which will have no impact.   The change from BSSID to MAC address does now align with the rest of the industry, and it is a change when upgrading to r28.   It is hard to work with BSSIDs, and as for our data, this change should be for the better.   I am happy you like it ... View more

Hi James   Yes, the option should change the traffic for all authentications.    The default behavior will not be modified unless you use the customizable attributes on radius advance page. ... View more

Just wondering, do you have "client balancing" enabled?   This can be found on the rf profile.   On event logs, look for rejected due to load balance or something like that, let us know what happens with the new ap ... View more

Hi Chuyen   Have you tried testing SSID with PSK or OPEN?   Please look at your Wireless Health and check if you are having more issues in authentication.   Thank you! ... View more

Hi GJ1   Have you created a case with support?   I am happy to take a look.   Also, try to take a packet capture and check if you see a lot of deauths, also check air marshal, you might be being contained.   Let me know ... View more

Hi There   The issue is actually on Apple side, however, Meraki has provided a fix for this not to affect clients.   I can confirm this is present in 26.5, now 26.6 ... View more