Skip to main content

 

Cisco Meraki Documentation

Troubleshooting 802.1X Test Errors in the Dashboard

  1. Last updated
  2. Save as PDF

Overview 

This article explains how to troubleshoot common errors that appear during the 802.1X test in the Cisco Meraki dashboard. It provides the meaning of each error, its likely causes, and the steps to diagnose and resolve the problem. 

Troubleshooting 802.1X timeout issue 

A "timeout" error appears on the 802.1X test in the dashboard. 

Possible causes  

A timeout error indicates one of the following: 

  • The Access-Request message from the Meraki access point (AP) never reached the RADIUS server. 

  • The reply (Access-Accept or Access-Reject) from the RADIUS server never reached the AP. 

Troubleshooting steps 

  1. Check the RADIUS logs to confirm whether the Access-Request arrived from the Meraki AP and whether any errors appear. 

  1. Perform wired packet captures to determine where the request and reply packets are going or not going. 

Troubleshooting 802.1X connection refused issue 

The "AP failed (auth failure: connection refused)" error appears in the 802.1X test in the dashboard.  

Possible causes 

  • The connection from the access point to the RADIUS server was refused. 

  • The AP received an ICMP "Destination Unreachable" error packet in the response. 

Troubleshooting steps 

Verify that your NPS server has a valid certificate. 

Troubleshooting 802.1X password change issue 

The "AP failed (auth failure: must change password)" error appears in the 802.1X test in the dashboard.  

Possible causes 

  • This error means the AP received an Access-Reject reply from the RADIUS server stating that authentication failed and that an MSCHAPv2 error was detected, indicating that the user must change the password. 

  • The "User must change password on next login" box is checked on the user object in Active Directory.