Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About ajtsystems
ajtsystems
Comes here often
Member since Sep 13, 2023
Oct 4 2023
Community Record
7
Posts
0
Kudos
0
Solutions
Badges
Oct 3 2023
9:18 AM
No but that's a good idea
... View more
Oct 3 2023
8:59 AM
Hi, I've set up an SSID to use Local Auth for RADIUS with an LDAP server for authorization. I'm using 802.1x with the suplicant passing machine certificates issued by our own CA. Everything is working and clients are connecting, however in Windows 10 before they connect Windows is prompting asking "If you expect an SSID in his location, continue" In the SSID, there are RADIUS Trust client settings that show a Root CA certificate that has been used to sign the meraki.radius.direct certs presented by the APs. I'm pushing the client settings via Group Policy, but for some reason I can't get the client to trust the Root CA which is "IdenTrust Root CA 1" Has anyone else had this problem? The root CA IdenTrust Root CA 1 is in the Trusted Root CA store on the client but for some reason I am still getting prompted for user interaction
... View more
Labels:
- Labels:
-
SSID
Sep 16 2023
5:03 AM
I've been reading this article https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X Which says that Meraki MR Local Auth can authenticate user certificates but I need to know if it can authenticate Machine certificates in the same way? I'm trying to remove the requirement for a RADIUS server, which this looks like it does by running RADIUS locally on the MR. Thanks
... View more
Sep 13 2023
11:10 AM
Yes, 802.1x, Machine certificates. Because I have a DNat rule on the Firewall, the Radius client is configured to the inside IP range of the Firewall. I can see info in the Event logs on the Radius that shows inbound connections from IPs in the internal firewall IP range. Mmm, Interesting, Is there something in the Radius protocol that needs the actual Public ip address to work (as this is the Address configured in Meraki) ?
... View more
Sep 13 2023
10:57 AM
Yes, I've checked the IAS logs and Event Logs and there are no more errors. I can force an error if I turn off the Connection Policy and a log entry in Event log gets created saying there is not matching Connection policy. If I reenable it, RADIUS times out when it should be Authenticating using the Network policy... I'm a bit lost currently on the next step forward
... View more
Sep 13 2023
10:50 AM
It's over the internet to an Azure public IP (Firewall WAN interface). I'm using a DNat rule on the Azure firewall to the NPS box. The Firewall and NPS VNets are peered and all the routing is definitely working. I can't use a VPN as there are already VPNs into Azure from the sites where the Meraki's are. The VPNs pass over an Azure Load Balancer which historically has been the reason why we it hasn't worked before, potentially the same problem with the udp fragmentation, Are you connecting over the internet or using a VPN?
... View more
Sep 13 2023
9:17 AM
Having some problems getting RADIUS to work on my Meraki AP where the RADIUS server is running on a Windows NPS VM in Azure. The VM is sitting behind an Azure firewall. Is this set up supported as I suspect there is some Fragmentation of UDP packets happening that Azure doesn't support? I can see in the NPS logs that the firewall is forwarding packets etc but logging stops and then the RADIUS flow times out. I have literally tried everything but can't get to the bottom of this problem Help/Guidance appreciated
... View more
Labels:
- Labels:
-
Installation
-
Other
© 2024 Cisco Systems, Inc.
