Meraki

MikeN1 · ‎May 25 2021

I did try to enable both TLS 1.0 and 1.1 client and server with the same results. As a next step I'm going to try to get someone to go on site to test from a laptop. If the required cipher suites are indeed directly between the client and RADIUS server then that may prove that this is actually working even though the test button in the interface fails and causes the error to be logged on the NPS server.

MikeN1 · ‎May 24 2021

In this case, the failure is when using the Test button in the configuration interface. It is configured to use PEAP-MSCHAPV2 Offices are still closed due to covid, i'll need to test it out the next time someone's in an office to see if it works directly from a client.

MikeN1 · ‎May 24 2021

I have been tasked with troubleshooting an issue where Meraki WPA2-Enterprise RADIUS authentication against a Windows Server 2019 NPS server doesn't work. The NPS server OS is hardened to CIS benchmarks, only TLS 1.2 is allowed and insecure cipher suites are disabled. It was configured as outlined in the documentation: Configuring RADIUS Authentication with WPA2-Enterprise - Cisco Meraki Testing Radius authentication returns the following error: Authentication Type: PEAP EAP Type: - Account Session Identifier: - Logging Results: Accounting information was written to the local log file. Reason Code: 269 Reason: The client and server cannot communicate, because they do not possess a common algorithm. I assume this is because perhaps Meraki requires using an insecure cipher suite. Meraki support has refused to help saying that this is outside the scope of support, they haven't been able to tell me what level of TLS and what cipher suites are required to be supported by the RADIUS server. Has anyone else run in to this? Thank You.

Meraki

Community

About MikeN1

MikeN1

Community Record

Re: WPA2 RADIUS against Windows Server 2019 NPS error

Re: WPA2 RADIUS against Windows Server 2019 NPS error

WPA2 RADIUS against Windows Server 2019 NPS error