MX vs. MR RADIUS WiFi question

thrtnastrx2
Frequent Visitor

I have some sites with MX64W's configured with one SSID, authentication to "My RADIUS server", and I have other sites with MS series configured with one SSID, authentication to "My RADIUS server" (both using the same server IP/port).

Using a Windows 10 laptop, domain joined, certificate from internal Enterprise CA:

When connecting to the MX wireless, left click on the network icon on the taskbar, I see the SSID, select it and "connect", the "Enter your user name and password" appears along with a link to "Connect using a certificate". I choose certificate, select the cert, and it connects.

When connecting to the MS wireless, left click on the network icon on the taskbar, I see the SSID, select it and "connect", the "Enter your user name and password" appears but there is no option to "Connect using a certificate", using the same Windows 10 laptop.

So everything is the same except for the Meraki hardware. How can I provide the same experience (provide the option "Connect using a certificate") to the users?

Accepted Solutions

Philip D'Ath
Meraki Community All-Star

Those options are controlled by what the RADIUS server presents as allowed options to the machine. Those options are transported inside of a PEAP packet, which is encrypted - so the AP doesn't know what you are offered or negotiate.

This is assuming you are using PEAP with MSCHAPv2 and PEAP with EAP-TLS.

Take a closer look at your RADIUS server config, and check the policies that are being matched in both cases. More than likely it is matching different policies.

Yes you were exactly correct, they were matching different policies.

Thank you for the suggestion!
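
One way to run the check from the accepted answer, added here as an example and not code from the thread: group RADIUS log records by the device that sent them and list which policy each one matched. It assumes the server is Windows NPS writing DTS-compliant XML logs (the thread does not name the server); the element names are parameters, and the sample records, client names and policy names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample, laid out like NPS DTS-compliant XML log records (one
# <Event> per line). Client and policy names are made up; the last line is
# deliberately truncated to show how damaged records are handled.
SAMPLE_LOG = """\
<Event><Client-Friendly-Name data_type="1">site1-mx64w</Client-Friendly-Name><NP-Policy-Name data_type="1">Wireless-Cert-or-Password</NP-Policy-Name></Event>
<Event><Client-Friendly-Name data_type="1">site2-mx64w</Client-Friendly-Name><NP-Policy-Name data_type="1">Wireless-Cert-or-Password</NP-Policy-Name></Event>
<Event><Client-Friendly-Name data_type="1">site3-ap</Client-Friendly-Name><NP-Policy-Name data_type="1">Wireless-Password-Only</NP-Policy-Name></Event>
<Event><Client-Friendly-Name data_type="1">site1-mx64w</Client-Friendly-Name><NP-Policy-Name data_type="1">Wireless-Cert-or-Password</NP-Policy-Name></Event>
<Event><Client-Friendly-Name data_type="1">site3-ap</Client-Friendly-Na
"""

def parse_events(text):
    """Yield {element name: text} for each well-formed <Event> line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = ET.fromstring(line)
        except ET.ParseError:
            continue  # truncated or damaged record, skip it
        yield {child.tag: (child.text or "") for child in event}

def policies_by_client(events, client_field="Client-Friendly-Name",
                       policy_field="NP-Policy-Name"):
    """Map each RADIUS client (MX or AP) to the set of policies it matched."""
    seen = defaultdict(set)
    for ev in events:
        if ev.get(client_field) and ev.get(policy_field):
            seen[ev[client_field]].add(ev[policy_field])
    return dict(seen)

def divergent_clients(policy_map):
    """Return clients whose policy set differs from the most common one."""
    if not policy_map:
        return {}
    counts = Counter(frozenset(p) for p in policy_map.values())
    baseline = counts.most_common(1)[0][0]
    return {c: sorted(p) for c, p in policy_map.items()
            if frozenset(p) != baseline}

if __name__ == "__main__":
    matched = policies_by_client(parse_events(SAMPLE_LOG))
    for client, policies in sorted(matched.items()):
        print(f"{client}: {', '.join(sorted(policies))}")
    print("Differs from the majority:", divergent_clients(matched))
```

A client listed as differing is the place to compare policy conditions and allowed EAP types on the server.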
