I have several meraki AP's deployed that I would like to use 2-factor authentication to, as well as AD group membership lookup.  The 2 factor service we are looking at is cloud based radius and only supports a few auth protocols.  The Meraki AP's also only support a few auth types, and the 2 dont seem to line up.

It seems that when a user radius authenticates on an AP, this is only proxied by ACS to the radius server??  So if the cloud radius server and meraki dont support the same type it just fails with an error that the radius server does not support the authentication method.