
802.1X EAP failure with Windows AD Radius - Help!

ElectroDan
Level 1

Okay so I've spent several DAYS on this and seem to be getting nowhere 😕 I'm starting to get fairly frustrated having followed numerous guides exactly.

I used this to set up the Meraki side:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise

This is the latest guide I followed:

http://www.cracknells.co.uk/servers-side/configuring-radius-authentication-for-a-wireless-network-802-1x-eap/

No matter what I try though, I can't get my phone or laptop to connect, nor get the Test function to succeed from the SSID > Radius Servers section.

When I click Test, I get:
Total APs: 14
APs failed: 14

I have Accounting enabled on the Windows Server (which is now a DC running Server 2016. I had been running 2012 R2 but decided to wipe it and install 2016 afresh as I thought maybe RADIUS worked better!). The NPS Account log shows this when I click the Test button:

<Event>
  <Timestamp data_type="4">11/15/2018 14:15:21.607</Timestamp>
  <Computer-Name data_type="1">MY-DC03</Computer-Name>
  <Event-Source data_type="1">IAS</Event-Source>
  <Class data_type="1">311 1 10.33.102.23 11/15/2018 13:06:56 231</Class>
  <Client-IP-Address data_type="3">10.32.108.21</Client-IP-Address>
  <Client-Vendor data_type="0">0</Client-Vendor>
  <Client-Friendly-Name data_type="1">Meraki - AP1</Client-Friendly-Name>
  <Session-Timeout data_type="0">30</Session-Timeout>
  <Proxy-Policy-Name data_type="1">Meraki Staff Secure Wireless Connections</Proxy-Policy-Name>
  <Provider-Type data_type="0">1</Provider-Type>
  <SAM-Account-Name data_type="1">MYDOMAIN\JohnDoe</SAM-Account-Name>
  <Fully-Qualifed-User-Name data_type="1">MYDOMAIN\JohnDoe</Fully-Qualifed-User-Name>
  <Authentication-Type data_type="0">5</Authentication-Type>
  <NP-Policy-Name data_type="1">Meraki Staff Secure Wireless Connections</NP-Policy-Name>
  <Packet-Type data_type="0">11</Packet-Type>
  <Reason-Code data_type="0">0</Reason-Code>
</Event>

I get pretty much the same error logged when trying to connect from my laptop. I also see this in the Meraki event log:

Nov 15 14:24:57  Purchasing  Radius_Test  ITSPARE01  802.11 association      channel: 40, rssi: 29
Nov 15 14:24:57  Purchasing  Radius_Test  ITSPARE01  802.11 disassociation   unknown reason
Nov 15 14:24:57  Purchasing  Radius_Test  ITSPARE01  802.1X deauthentication radio: 1, vap: 4, client_mac: 84:3A:4B:56:F4:5C
Nov 15 14:24:48  Purchasing  Radius_Test  ITSPARE01  802.1X deauthentication radio: 1, vap: 4, client_mac: 84:3A:4B:56:F4:5C
Nov 15 14:24:48  Purchasing  Radius_Test  ITSPARE01  802.11 association      channel: 40, rssi: 28
Nov 15 14:24:47  Purchasing  Radius_Test  ITSPARE01  802.11 disassociation   unspecified reason
Nov 15 14:24:47  Purchasing  Radius_Test  ITSPARE01  802.1X deauthentication radio: 1, vap: 4, client_mac: 84:3A:4B:56:F4:5C
Nov 15 14:24:47  Purchasing  Radius_Test  ITSPARE01  802.1X EAP failure      radio: 1, vap: 4, client_mac: 84:3A:4B:56:F4:5C
Nov 15 14:24:47  Purchasing  Radius_Test  ITSPARE01  802.1X deauthentication radio: 1, vap: 4, client_mac: 84:3A:4B:56:F4:5C
Nov 15 14:24:47  Purchasing  Radius_Test  ITSPARE01  802.11 association      channel: 40, rssi: 29

Any ideas?
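
Added example, not part of the original post: a small decoder for NPS XML accounting events like the one quoted above, which turns the numeric Packet-Type, Authentication-Type and Reason-Code fields into names and says whether a record carries a final outcome. The lookup tables are the standard RADIUS packet codes and a subset of the NPS Authentication-Type values, not something stated in the post; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# RADIUS codes as NPS writes them in the Packet-Type field.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge"}
# Subset of the NPS Authentication-Type values.
AUTH_TYPES = {1: "PAP", 2: "CHAP", 3: "MS-CHAP", 4: "MS-CHAP v2",
              5: "EAP", 7: "None", 11: "PEAP"}

# Abridged copy of the event quoted in the post (field values unchanged).
SAMPLE = (
    '<Event><Timestamp data_type="4">11/15/2018 14:15:21.607</Timestamp>'
    '<Client-Friendly-Name data_type="1">Meraki - AP1</Client-Friendly-Name>'
    '<SAM-Account-Name data_type="1">MYDOMAIN\\JohnDoe</SAM-Account-Name>'
    '<Authentication-Type data_type="0">5</Authentication-Type>'
    '<Packet-Type data_type="0">11</Packet-Type>'
    '<Reason-Code data_type="0">0</Reason-Code></Event>'
)

def decode_event(xml_line):
    """Parse one <Event> line; return None if it is not well-formed XML."""
    try:
        ev = ET.fromstring(xml_line.strip())
    except ET.ParseError:
        return None
    def num(tag):
        value = ev.findtext(tag)
        return int(value) if value and value.isdigit() else None
    ptype, atype = num("Packet-Type"), num("Authentication-Type")
    return {
        "client": ev.findtext("Client-Friendly-Name"),
        "user": ev.findtext("SAM-Account-Name"),
        "auth": AUTH_TYPES.get(atype, f"unknown ({atype})"),
        "packet": PACKET_TYPES.get(ptype, f"unknown ({ptype})"),
        "reason": num("Reason-Code"),
    }

def verdict(rec):
    if rec["packet"] == "Access-Accept":
        return "final: accepted"
    if rec["packet"] == "Access-Reject":
        return f"final: rejected, Reason-Code {rec['reason']}"
    if rec["packet"] == "Access-Challenge":
        return "intermediate: challenge sent, no accept or reject in this record"
    return "not an outcome record"

if __name__ == "__main__":
    print(verdict(decode_event(SAMPLE)))
```

Run over the quoted event, this reports an Access-Challenge for an EAP authentication, so the outcome of the attempt would be in a later Access-Accept or Access-Reject record for the same client, if NPS logged one.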

60 Replies

mito1
Community Member

BerlinITGuy's suggestion worked. Also crazy that this still hasn't been addressed by Cisco.
