Hello community, I have a very specific problem. We migrated 80% of our access switches to Meraki 225-48LP. MAC computers are not getting 802.1x authenticated when connected with wire to MS swithes. They work fine on old cisco SW and also on wifi. I also have Windows clients that work fine wired connected. These are the logs from ISE when failing: 15016 Selected Authorization Profile - STG170_HELPDESK,HRZ_U-HD 22081 Max sessions policy passed 22080 New accounting session created in Session cache 12705 LEAP authentication passed; Continuing protocol 11503 Prepared EAP-Success 11006 Returned RADIUS Access-Challenge 5440 Endpoint abandoned EAP session and started new ( Step latency=59986 ms) and this is the log when working (connected to old cisco sw) 15016 Selected Authorization Profile - STG170_HELPDESK,HRZ_U-HD 22081 Max sessions policy passed 22080 New accounting session created in Session cache 12705 LEAP authentication passed; Continuing protocol 11503 Prepared EAP-Success 11006 Returned RADIUS Access-Challenge 11001 Received RADIUS Access-Request 11018 RADIUS is re-using an existing session 12704 LEAP completed. Sent EAP-Response containing LEAP challenge-response and cisco-av-pair containing LEAP session-key 11002 Returned RADIUS Access-Accept Another strange thing is in Meraki logs I see EAP success received but the port still appears in "Not forwarding due to access policy" . Mar 3 12:13:38 roish-mac 802.1X EAP success port: 25, identity: roisht-mac$@domain.corp Mar 3 12:13:38 roish-mac 802.1X deauthentication port: 25 Mar 3 12:12:38 roish-mac 802.1X EAP success port: 25, identity: roisht-mac$@domain.corp Mar 3 12:12:38 roish-mac 802.1X deauthentication port: 25 and a packet capture on meraki switchport where the MAC is connected:
... View more