Meraki

Community

About 888network

Re: Wired MAC specific 802.1x issue

by in Switching
‎Mar 3 2022 12:46 PM
‎Mar 3 2022 12:46 PM
Directly connected to to switch port, no other NAD (phone\hub\switch) between the switch and the MAC device ... View more

Wired MAC specific 802.1x issue

by in Switching
‎Mar 3 2022 2:19 AM
‎Mar 3 2022 2:19 AM
Hello community,   I have a very specific problem. We migrated 80% of our access switches to Meraki 225-48LP. MAC computers are not getting 802.1x authenticated when connected with wire to MS swithes. They work fine on old cisco SW and also on wifi. I also have Windows clients that work fine wired connected.    These are the logs from ISE when failing: 15016 Selected Authorization Profile - STG170_HELPDESK,HRZ_U-HD   22081 Max sessions policy passed   22080 New accounting session created in Session cache   12705 LEAP authentication passed; Continuing protocol   11503 Prepared EAP-Success   11006 Returned RADIUS Access-Challenge   5440 Endpoint abandoned EAP session and started new (     Step latency=59986 ms) and this is the log when working (connected to old cisco sw) 15016 Selected Authorization Profile - STG170_HELPDESK,HRZ_U-HD   22081 Max sessions policy passed   22080 New accounting session created in Session cache   12705 LEAP authentication passed; Continuing protocol   11503 Prepared EAP-Success   11006 Returned RADIUS Access-Challenge   11001 Received RADIUS Access-Request   11018 RADIUS is re-using an existing session   12704 LEAP completed. Sent EAP-Response containing LEAP challenge-response and cisco-av-pair containing LEAP session-key   11002 Returned RADIUS Access-Accept   Another strange thing is in Meraki logs I see EAP success received but the port still appears in "Not forwarding due to access policy" . Mar 3 12:13:38 roish-mac 802.1X EAP success port: 25, identity: roisht-mac$@domain.corp Mar 3 12:13:38 roish-mac 802.1X deauthentication port: 25 Mar 3 12:12:38 roish-mac 802.1X EAP success port: 25, identity: roisht-mac$@domain.corp Mar 3 12:12:38 roish-mac 802.1X deauthentication port: 25   and a packet capture on meraki switchport where the MAC is connected:   ... View more

Re: MX 16.15 - IPSEC issues

by in Security & SD-WAN
‎Dec 14 2021 3:44 AM
‎Dec 14 2021 3:44 AM
Yes, warm spare pair ... View more

Re: MX 16.15 - IPSEC issues

by in Security & SD-WAN
‎Dec 14 2021 3:42 AM
‎Dec 14 2021 3:42 AM
I don't see any NO-NAT mode available for configuration. It is running in Routed mode. ... View more

Re: MX 16.15 - IPSEC issues

by in Security & SD-WAN
‎Dec 13 2021 9:33 AM
‎Dec 13 2021 9:33 AM
MX 15.44. Not sure if it matters but I'm running Active\Spare configuration at that site and the peer IP on the other side was set to virtual IP of the Meraki MX250 ... View more

MX 16.15 - IPSEC issues

by in Security & SD-WAN
‎Dec 13 2021 6:06 AM
‎Dec 13 2021 6:06 AM
Hello community 🙂 I had an incident this weekend after one of my sites with MX250 got upgraded to MX 16.15. IPSEC with Non-meraki peers (in my case PaloAlto) was no longer working. I downgraded to previous version and connectivity was restored. Looking at the 16.15 change log and known issues there is no mention about the problem I encountered. Just want to know if anyone else hit this bug and if Meraki is aware ? ... View more
Labels:
© 2024 Cisco Systems, Inc.