Hello, not sure if this is the right place to ask this question. I'm trying to implement MAB authentication using Meraki Wireless and Cisco ISE. The Meraki AP isn't sending the "Call-check" field in the radius attributes therefore can't match MAB auth in my policy set.
I've logged a Meraki TAC case about this also. Has anyone come across this before. Did you need to implement a workaround, if so how did you go about it?
Thanks,
Below are the radius attributes being sent by the Meraki AP to ISE:
RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0x0 (0)
Length: 250
Authenticator: xxxxxxxxxxxxxxxxxxxxxxx
Attribute Value Pairs
AVP: l=14 t=User-Name(1): xxxxxxxxxxxxxx
AVP: l=18 t=User-Password(2): Encrypted
AVP: l=6 t=NAS-IP-Address(4): xx.xx.xx.xx
AVP: l=27 t=Called-Station-Id(30): MAC Address:SSID
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
AVP: l=34 t=Vendor-Specific(26) v=Meraki Networks, Inc.(29671)
AVP: l=40 t=Vendor-Specific(26) v=Meraki Networks, Inc.(29671)
AVP: l=24 t=Vendor-Specific(26) v=Meraki Networks, Inc.(29671)
AVP: l=19 t=Calling-Station-Id(31): MAC Address
AVP: l=24 t=Connect-Info(77): CONNECT 11Mbps 802.11b
AVP: l=18 t=Message-Authenticator(80): xxxxxxxxxxxxxxxxxxxxxxx