Setup Cisco AP Wifi with NPS Server using EAP

Currently I have a Cisco AIR-AP1142N-K-K9 set up with my NPS Server using EAP, see attached screenshot.
The unit is slow and outdated. We are looking at replacing it with a Cisco Meraki MR33.

The main part that is different between them that applies to me is the authentication.
The Meraki does not have PEAP or EAP-MSCHAPv2 listed, so I am not sure if it will work for me,
or if there is a different method to use.
In the NPS server there aren't any of those other methods listed, EAP-SIM or EAP-TLS.
See screenshot.

Can someone help me confirm that I would be able to replace my unit with Meraki and integrate it with NPS?
Thanks

The AP1142 has
● EAP Type(s):
  ◦ Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
  ◦ EAP-Tunneled TLS (TTLS) or Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2)
  ◦ Protected EAP (PEAP) v0 or EAP-MSCHAPv2
  ◦ Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
  ◦ PEAPv1 or EAP-Generic Token Card (GTC)
  ◦ EAP-Subscriber Identity Module (SIM)
● Security:
  ◦ 802.11i, Wi-Fi Protected Access 2 (WPA2), WPA
  ◦ 802.1X
  ◦ Advanced Encryption Standards (AES), Temporal Key Integrity Protocol (TKIP)

Cisco Meraki MR33 has
● Authentication Method: EAP-SIM, Extensible Authentication Protocol (EAP)
● Compliant Standards: CSA, FCC, IC, RCM, RoHS
● Encryption Algorithm: AES, TKIP, TLS, TTLS, WEP, WPA, WPA2-Enterprise, WPA2-PSK
wireles-EAP.png
baysysadmin Asked:
Olgierd Ungehojer, Senior Network Administrator, Commented:
I have a setup with Cisco Meraki and NPS as a RADIUS server. There is an option, WPA2-Enterprise with your RADIUS server. You will have to set up the configuration to have a Wi-Fi connection before login, because you need to authenticate to RADIUS.
0
baysysadmin, Author, Commented:
Could you give me a bit more specific steps please?
Thanks
0
Olgierd Ungehojer, Senior Network Administrator, Commented:
On Meraki, where you set up authentication, you have the option to choose WPA2-Enterprise with your RADIUS server. Below that is the configuration for the RADIUS IP and secret key, and that's it on the Meraki side. NPS configuration is a little bit more complicated. There are a lot of options when you create your policy over there. I would start with something simple to establish a connection between the access point and NPS, so allow the access point to use RADIUS and some group of users on your domain controller to authenticate. This article explains how to do it with Ubiquiti: https://www.gypthecat.com/how-to-configure-windows-2012-nps-for-radius-authentication-with-ubiquiti-unifi.
0

Craig Beck Commented:
You can do exactly the same with the Meraki as you were doing before.  Simply configure the Meraki AP to use WPA2-Enterprise and add it as a client to NPS.
0
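The NPS side of the two answers above (register the AP as a RADIUS client, then confirm that authentication reaches the server), as an added example that is not part of the original thread. The client name and AP address are constructed placeholders; the network policy itself is still created in the NPS console.

```powershell
# Run in an elevated PowerShell session on the NPS server.
# Added example; $apName and $apAddress are constructed placeholders.
Import-Module NPS

$apName    = 'Meraki-MR33'   # hypothetical friendly name for the RADIUS client
$apAddress = '10.10.0.50'    # constructed; use the AP's static management IP

# Generate a 128-bit random shared secret (32 hex characters) rather than
# reusing a human-chosen one. Use a separate secret per RADIUS client.
$bytes = New-Object byte[] 16
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Register the AP only if no client with that address exists yet.
if (-not (Get-NpsRadiusClient | Where-Object Address -eq $apAddress)) {
    New-NpsRadiusClient -Name $apName -Address $apAddress -SharedSecret $secret | Out-Null
    Write-Host "RADIUS client added. Enter this secret on the SSID's RADIUS server entry:"
    Write-Host $secret
} else {
    Write-Host "A RADIUS client for $apAddress already exists; not changed."
}

# After a test connection from a wireless client, list recent NPS decisions.
# Security log event 6272 = access granted, 6273 = access denied.
# Requires the 'Network Policy Server' audit subcategory to be enabled.
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 6272, 6273; StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time    = $evt.TimeCreated
        Result  = $(if ($evt.Id -eq 6272) { 'Granted' } else { 'Denied' })
        User    = $data['SubjectUserName']
        Client  = $data['ClientName']
        Policy  = $data['NetworkPolicyName']
        EapType = $data['EAPType']
        Reason  = $data['Reason']
    }
} | Format-Table -AutoSize
```

A Denied row whose Client column is empty or unexpected usually points at the RADIUS client entry (address or secret), while a named client with a policy or EAP-type reason points at the network policy.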

baysysadmin, Author, Commented:
I ordered the unit, it should come in a few days.
I will follow up on how it goes.
Thanks
0
baysysadmin, Author, Commented:
The unit just came in, the config was pretty simple.
I configured 2 SSIDs, VLAN1 and VLAN200 guest.
Guest works fine.
VLAN1 lets me authenticate, BUT it can't get a DHCP IP on the client side using bridge mode.

I think it's an issue with VLAN tagging, therefore the requests are not going to the DHCP.

Config is as follows:

Meraki AP is static IP 10.10.0.x (no VLAN tag, it would not connect)
Switch port is set to trunk

SSID1 is WPA2-Enterprise, VLAN1 tagged, RADIUS test works OK
Clients connect but can't get a DHCP IP
The LAN tab shows that there are requests with no response on VLAN1, see screenshot
VLAN200 has no errors.

SSID2-Guest is WPA2, VLAN200 tagged, DHCP and internet work OK
wireles-vlan1-error.png
0
baysysadmin, Author, Commented:
OK, I think I figured it out.
SSID1 had to be untagged VLAN because it's on the same subnet and the AP main IP network.
SSID2 had to be tagged VLAN 200.

Now I get the DHCP IP on the client.

Gonna do more testing and report back.
0
Craig Beck Commented:
Yes, VLAN 1 is the default VLAN so it should be untagged in your scenario.
0
Question has a verified solution.