what did you end up doing? Did you find that there is a limit that was still usable for Group Policies? ... View more

Out of curiosity, what wireless NIC is being used on your laptops? I ask, because I found that use of 802.11v protocol, starting actively on MR29.X codes ended exposing an issue with Intel NICs. We saw success with all new codes and no requirements to disable any features. I am using 29.5.1 today and have 802.11r, active client load balancing, etc. I have zero issues with devices after upgrading the Intel NIC drivers. ... View more

I have been supporting Meraki wireless (as well as all other products) for better part of a decade and have not run into issues that are too complex or can't be diagnosed. They give you all the data and tools you need, but most people are unfamiliar with the interface and looking for features or names of features, from another product set.  As far as support, its a game of change for anyone - if you break it down to what it is, it is a call center for all these vendors and it's luck of the draw on their ability to tshoot or level of support knowledge. I have gotten some really great engineers and I have some that were not, but in the end the info is for all to see.   This particular case, mine ended up being an issue with bad firmware on the Intel Wireless NIC (AX201/AX211), that appeared to be a Meraki upgrade issue, but ended up being the NIC after using all troubleshooting and data available. There are something like 2.5+ million Meraki devices installed out there, I wouldn't say there is a limitation there - Meraki is installed at multiple stadiums, theme parks, etc. This is top tier enterprise gear, but sometimes the tshoot will be hard for anyone or in this case, for me, ended up being a root cause with the client NIC's firmware - just keep pounding away an working with all vendors in the path - in your case Laptop, ISE agent (if applicable) APs, ISE/RADIUS, AD, etc).   If you have roaming for users standing still, this is normal with active load balancing like 802.11v, which is a client to AP communication and initiates the roam function on the client themselves. DFS is not recommended, but not prohibited - it depends on your location and the density of your deployment, plenty of high density deployments will require 20Mhz channel widths and needing all available channels across the spectrum,. If you are near hospitals or airports, best to avoid, but your event logs should tell you if you are hitting an DFS events.  ... View more

Happening on the following versions: 22.170.0.3 2022/11/17 22.150.0.3 2022/07/20 22.120.0.3 2022/03/17 ... View more

Yes, we are on 22.220.0   LINK: https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html   I have client load balancing still enabled, 802.11r enabled, and CoA disabled (since I am using 802.11r). Our desktop team is fixing users as they report the issue for now, about 5 users, who were top issues a month ago are now issues free for a month. ... View more

Yes, we are on 22.220.0   LINK: https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html   I have client load balancing enabled, 802.11r, and CoA disabled (since I am using 802.11r) ... View more

I avoided rolling back at all costs, worked on troubleshooting the root cause and found it to not be an issue with Meraki at all. The issue for me, was Intel AX2xx cards, MR29.x kicks off active load balancing using 802.11v, which requires the client device to do a fair amount of the work and initiating the actual moves. The issue seems to be malformed packets, that affect any type of authentication, randomly. It affects 802.11t PMKsa and 802.1x full auth - all at random. The issue will start when the AP tells the client decide to move to a better AP, which the client using 802.11v has a list of all neighboring APs, then goes down that entire list trying to authenticate over and over for 1-2 min, then the bug clears and a full 802.1x auth is done and the user will be back on.   we had multiple chronic issues with specific users and all we have applied the newest Intel firmware have been fixed and actively load balancing without issue.   hope this is helpful to others  ... View more

Update for my situation, we updated multiple users Intel AX2xx cards to the latest firmware and has fixed users we have rolled out to. So while MR29.x code may have exposed the issue with the client load balancing / 802.11v, the root cause was the Intel NICs and we have run both 29.5 and 29.5.1 without issue.   So if you have the Intel AX2xx (AX201/AX211/etc), that is your real issue. ... View more

You seem to be correct from what I am finding so far, but we have a meeting with Intel next week and I will ask if there is a way to disable, maybe via powershell? ... View more

What NICs are in use in your networks? We believe we have isolated our issues to the client side, with the Intel NIC being able to successfully perform functions related to the client side of 802.11v.   All of our users have Intel AX201/AX211 (only NIC I have seen mentioned in this thread as well), which were fine prior to 29.x code, but have since had issues sporadically and just a small subset. Being that 29.x was the first time that the client was actively involved in the client load balancing, we believe this to be the root cause, but still investigating. Our deployment is high density, so client load balancing is preferred, so we will have the endpoint team push to disable 802.11v on the laptops, which will revert the Meraki AP to passive only, as it was in Pre 29.x code. This seems to me, like a better approach, then limiting a necessary feature for high density. ... View more

Great comments here, We seem to have a similar issue, but we have really been keying in on the PC NIC’s, we have found data related to issues with Intel AX201/AX211 NICs and issues with them and 802.1X auth sporadically. Enabling 802.11r seems to have quelled some of the issues, but we have we have only ever seen it affect a subset of users. We have a few hundred users, in our HQ with 27 MR42 APs. We only see a handful of users with the issues and pretty consistently (5-10 users). Is this similar for anyone else?  * intel NIC - AX201/AX211 * small subset of users   I am curious if you are getting to your desired results with downgrades and disabling of advanced features, but covering up a possible larger issue with the client NICs. When active client load balancing is requiring your devices to authenticate more and disabling reduces this amount of attempts and possible incidents hitting the issue - but in reality should be viable, however the NICs can’t keep up? ... View more