Hello, has anyone had success with setting up Meraki Wifi using MAC based Auth and Identity PSK with RADIUS?
I have wired MAC-based auth working fine with Meraki switches. Also, my logs show the wireless clients connect and authenticate; it's just that the Windows 10 client reports back “Can’t connect to this network”.

Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) WARN: [mac:10:6f:d9:a1:52:a1] Unable to extract audit-session-id for module pf::Switch::Meraki::MS220_8. SSID-based VLAN assignments won't work. Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. (pf::Switch::getCiscoAvPairAttribute)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] handling radius autz request: from switch_ip => (10.109.19.251), connection_type => Wireless-802.11-NoEAP,switch_mac => (e4:55:a8:12:b8:3c), mac => [10:6f:d9:a1:52:a1], port => 0, username => "106fd9a152a1", ssid => RAD-TEST (pf::radius::authorize)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] Found authentication source(s) : 'local,file1' for realm 'null' (pf::config::util::filter_authentication_sources)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] Username was defined "106fd9a152a1" - returning role 'Corp-Wifi' (pf::role::getRegisteredRole)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] PID: "ryan.bergen", Status: reg Returned VLAN: (undefined), Role: Corp-Wifi (pf::role::fetchRoleForNode)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] (10.109.19.251) Added VLAN 512 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] (10.109.19.251) Added role 512 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)

The Meraki SSID is “RAD-TEST” and in Meraki I have it configured as follows:

Security: Identity PSK with RADIUS
WPA encryption: WPA2 only
Splash page: none (direct access)
Radius Servers: [packetfence IP] port 1812, with Secret
Radius Accounting server: [packetfence IP] port 1813, with Secret
Radius testing: enabled
Radius CoA Support: enabled
Radius attribute: Filter-Id
IP Assignment: Bridge w/ Radius override vlan tag
Vlan tagging: disabled

Packetfence Configuration:

Switch:
  Type: Meraki MS220_8
  Mode: Production
  Deauth method: RADIUS
  Roles: VLAN ID
  Radius: Secret matching above Meraki SSID Configuration
Node: Manually added node, authorized it, associated to user
User: input PSK entry

Anything I'm missing to get this working? We have it working with our legacy custom-built free-radius/mysql setup. The client requires a manual MAC entry with a role, and is authenticated using a generic PSK; the MAC is looked up, then put on the proper mapped VLAN.

Thanks
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
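For triaging a capture like the one in this post, the following added example (not part of the original message and not PacketFence code) groups httpd.aaa lines by client MAC and reports the authorize request fields, the role chosen, the attributes the log says were added to the Access-Accept, and any warnings. It assumes the line layout seen in the log lines quoted in the post; the function and regex names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (a subset, one transaction).
SAMPLE = """\
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) WARN: [mac:10:6f:d9:a1:52:a1] Unable to extract audit-session-id for module pf::Switch::Meraki::MS220_8. SSID-based VLAN assignments won't work. Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. (pf::Switch::getCiscoAvPairAttribute)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] handling radius autz request: from switch_ip => (10.109.19.251), connection_type => Wireless-802.11-NoEAP,switch_mac => (e4:55:a8:12:b8:3c), mac => [10:6f:d9:a1:52:a1], port => 0, username => "106fd9a152a1", ssid => RAD-TEST (pf::radius::authorize)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] Username was defined "106fd9a152a1" - returning role 'Corp-Wifi' (pf::role::getRegisteredRole)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] (10.109.19.251) Added VLAN 512 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jul 31 16:28:45 STB01NAC01 httpd.aaa-docker-wrapper[2793]: httpd.aaa(7) INFO: [mac:10:6f:d9:a1:52:a1] (10.109.19.251) Added role 512 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
"""

# level, client MAC, message body, and the trailing "(pf::...)" subroutine tag
LINE = re.compile(r"httpd\.aaa\(\d+\) (?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
                  r"(?P<msg>.*?)(?: \((?P<sub>pf::[\w:]+)\))?$")
# "key => value" pairs; values may be wrapped in (), [] or quotes
KV = re.compile(r'(\w+) => [(\["]?([^,)\]"\s]+)')
ROLE = re.compile(r"returning role '([^']+)'")
ADDED = re.compile(r"Added (\w+) (\S+) to the returned RADIUS Access-Accept")

def summarize(log_text):
    """Return {mac: {request, role, accept, warnings}} for each client MAC seen."""
    sessions = defaultdict(lambda: {"request": {}, "role": None,
                                    "accept": {}, "warnings": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an httpd.aaa line in the expected layout
        s, msg = sessions[m["mac"]], m["msg"]
        if m["level"] == "WARN":
            s["warnings"].append(msg)
        elif m["sub"] == "pf::radius::authorize":
            s["request"] = dict(KV.findall(msg))
        elif (r := ROLE.search(msg)):
            s["role"] = r[1]
        elif (a := ADDED.search(msg)):
            s["accept"][a[1]] = a[2]  # what the log says went into the reply
    return dict(sessions)

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE).items():
        print(mac, info)
```

The "accept" entry only reflects what the log reports as added to the reply, so it is a starting point for comparing against what the AP expects rather than a capture of the actual RADIUS packet.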