Hello everyone,
I have already opened a case to the support but I want to know if anybody else is facing the same issue.
Since last Friday approximately our provisioning scripts (provisioning of networks and SSIDs) keep failing. More precisely they fail when we call the API to create an SSID with WPA-EAP encryption. We get a 400 Bad Request from Meraki with the error message : 'encryptionMode' must be one of: 'wep' or 'wpa'.
It used to work perfectly until last Friday and nothing has changed on our side, so I strongly suspect an issue with the API endpoint itself. Has anyone else noticed the same thing recently ?
Below is the payload of the request, I obfuscated info related to our RADIUS servers:
{ "name": "Lab O&I - Redwood", "enabled": true, "splashPage": "None", "ssidAdminAccessible": false, "authMode": "8021x-radius", "encryptionMode": "wpa-eap", "wpaEncryptionMode": "WPA2 only", "radiusServers": [ { "host": "x.x.x.x", "port": 1812, "secret":"xxx" } ], "radiusAccountingEnabled": true, "radiusAccountingServers": [ { "host": "x.x.x.x", "port": 1813, "secret":"xxx" } ], "radiusCoaEnabled": false, "radiusAttributeForGroupPolicies": "Filter-Id", "radiusFailoverPolicy": null, "radiusLoadBalancingPolicy": null, "ipAssignmentMode": "Bridge mode", "useVlanTagging": true, "defaultVlanId": 900, "radiusOverride": true, "minBitrate": 11, "bandSelection": "Dual band operation with Band Steering", "perClientBandwidthLimitUp": 0, "perClientBandwidthLimitDown": 0, "lanIsolationEnabled": false }
Update on 9/19 to the api confirms encryption mode has to be wpa or wep not wpa-eap, but only is valid if authmode = psk.
My suggestion remove
"encryptionMode": "wpa-eap",
Meraki API bot on Webex Teams! Any change to the api is logged in close to real time I believe.
That is exactly what my Meraki SE suggested to me: using the Webex Teams to follow closely what they release on the API sode.
Still, I'm a bit pissed off that they don't provide "retro-compatibility" when they modify their APIs, it should be a basic rule.
I will try your suggestion (removing the encryptionmode attribute) but I noticed that they have also:
If I find the right modifications in the payload I will share it in this thread.
PS : The Webex teams logs does show that they have changed the encryptionmode attribute:
old objects: {'description': "The psk encryption mode for the SSID ('wpa', 'wep' or 'wpa-eap')"} new objects: {'description': "The psk encryption mode for the SSID ('wep' or 'wpa'). This param is only valid if the authMode is 'psk'"}
Turns out that this is supposed to be a "one-time error" from Meraki. Their golden rule is that new API releases should not break the structure of existing API requests, which they have failed to achieve in this case.
The solution was "simply" to remove the encryptionMode attribute from the request.
Snippet for changing PSK passphrase..
Still running into the same problem, many years later
url = f"{BASE_URL}/networks/{network_id}/wireless/ssids/{ssid_number}"
payload = {
"authMode": "psk",
"encryptionMode": "wpa", #Michael
"wpaEncryptionMode": "WPA2 only", # Setting WPA2 encryption mode
"psk": new_password
nothing works, removing the line
#"encryptionMode": "wpa", #Micke
Or changing to wpa-eap, wpa, wep or wpa...
Still a problem?