Meraki

Community

About chriso_ccc

Re: Does cert based RADIUS require a MX?

by in Wireless
‎Aug 2 2023 5:03 PM
‎Aug 2 2023 5:03 PM
The same laptop that authenticates fine at the remote sites are having the issue at HQ.  We've disabled all of the other policies and if I'm honest, we're not even seeing anything in the event logs for failures, we've been confirming connections from within the NPS logs.     Because it works outside of HQ, I can only  assume that the trust is in place otherwise.   ... View more

Re: Does cert based RADIUS require a MX?

by in Wireless
‎Aug 2 2023 4:25 PM
‎Aug 2 2023 4:25 PM
We are seeing authentication failures for HQ clients, which could have been either the clients not sending the cert or maybe the packets being malformed. We have added the IPs of the MRs as clients in NPS and that's verified as working.  Also, we had a different RADIUS profile that works fine but is using a username/password combination as the auth and we want to migrate to a certificate based auth model. ... View more

Re: Does cert based RADIUS require a MX?

by in Wireless
‎Aug 2 2023 2:56 PM
‎Aug 2 2023 2:56 PM
We've verified routes to and from the NPS server and we have seen successful connections from our remote sites and failures from our HQ, which confirms connectivity to and from the clients, MRs, and NPS server. ... View more

Does cert based RADIUS require a MX?

by in Wireless
‎Aug 2 2023 2:45 PM
1 Kudo
‎Aug 2 2023 2:45 PM
1 Kudo
We have Meraki MRs and MXs throughout the state of California and it's working fine, but we're looking at implementing certificate based 802.1x authentication and it's working at our remote sites, which have MXs and DIA circuits, and our testing there is successful, but not so much at our HQ.  Our HQ has a point to point gigabit ethernet circuit and has a direct connection to the datacenter, which is also where all of our devices tunnel into to gain egress to the internet.  At HQ, there is no MX since it's a direct fiber connection to the AT&T switch and on the other side of that 10G interface is our core switch.    That being said, we have MRs and MS switches at HQ, but no MX and 802.1x auth is not working.  We've been banging our heads against the wall trying to figure this out, but I'm wondering, is there some kind of encapsulation that we're missing out on and that's why it's not working?  We can verify routes to and from the NPS server, the clients, and MRs from all directions.  We've confirmed via packet captures and logs that the attempts are there.  But we're running out of things to try.  Does anyone know if we need an MX at our HQ building to make this work? ... View more
Labels:
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.