Meraki Radius to ACS 4.1

This is a quick post about setting up a Meraki AP to authenticate against an old Cisco ACS 4.1 server. The intent of the setup is for the AP to provide WPA2-Enterprise RADIUS authentication.

Upon setting up the authentication as I did for any autonomous access point, I received failed test attempts within the Meraki page.  In addition, there was an error within the ACS 4.1 Failed Attempts log.

 

The initial tip that sent me in the right direction was a link from the Meraki forums.  The deviation from the Meraki post that I took was generating a CSR file to have my internal CA sign the certificate. Once everything was completed, my laptop with the CA root certificate trusted was able to authenticate without certificate errors.

With the certificates loaded into ACS there was some progress; however, there were still some errors:

Searching for “EAP type not configured” resulted in many very old posts, most of which were not relevant. The post that led me in the right direction was a seven-year-old post on Cisco Support Forums.

The end solution was to make sure that the checkboxes “Allow EAP-MSCHAPv2” and/or “Allow EAP-GTC” (as applicable) are checked within ACS under ACS > System Configuration > Global Authentication Setup > PEAP.

Upon checking the options, I was able to authenticate to my LWAPP Cisco AP based profile on my clients.

Also for reference, the relevant WPA2 Enterprise configuration on the Meraki configuration page.

 

 

 
