When setting up Meraki to use the Okta RADIUS agent, the Meraki management console shows a Test button: https://<tenantid>meraki.com/WISG-Wireless-wi/ulnjzdge/manage/configure/access_control/2
Pressing that button may fail with:
..failed to connect to the RADIUS server...
- Cisco Meraki
- Okta Classic Engine
This test is not valid.
- In reviewing a network trace of this test, Meraki responds to our Access-Challenge to start EAP-TTLS with a Legacy Nak.
Extensible Authentication Protocol
Code: Response (2)
Id: 0
Length: 6
Type: Legacy Nak (Response Only) (3)
Desired Auth Type: Protected EAP (EAP-PEAP) (25)
- An actual client attempting to connect instead responds with a Client Hello, per the EAP-TLS Authentication Workflow and Message Exchange.
Extensible Authentication Protocol
Code: Response (2)
Id: 0
Length: 161
Type: Tunneled TLS EAP (EAP-TTLS) (21)
EAP-TLS Flags: 0x80
1... .... = Length Included: True
.0.. .... = More Fragments: False
..0. .... = Start: False
.... .000 = Version: 0
EAP-TLS Length: 151
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 146
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 142
Test with an actual client trying to connect while gathering a network trace to troubleshoot this issue.
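When reviewing such a trace, the two responses can be told apart from the EAP bytes alone. The following Python sketch is an added example, not Okta or Meraki code: it decodes an EAP packet and reports whether the peer sent a Legacy Nak or began the TLS handshake inside EAP-TTLS. The function names are hypothetical, and the sample packets are constructed from the field values shown in the traces above, with a zero-filled Client Hello body.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {3: "Legacy Nak", 21: "EAP-TTLS", 25: "EAP-PEAP"}

# Constructed sample packets rebuilt from the field values in the two traces above
# (the Client Hello body is zero-filled padding, not captured data).
LEGACY_NAK = bytes.fromhex("020000060319")
TTLS_CLIENT_HELLO = (
    struct.pack("!BBHB", 2, 0, 161, 21)        # Response, Id 0, Length 161, EAP-TTLS
    + struct.pack("!BI", 0x80, 151)            # flags: Length Included; TLS length 151
    + struct.pack("!BHH", 22, 0x0301, 146)     # TLS record: Handshake, TLS 1.0, 146
    + bytes([1]) + (142).to_bytes(3, "big")    # Client Hello, length 142
    + bytes(142)
)

def classify_eap(pkt: bytes) -> dict:
    """Decode one EAP packet, e.g. reassembled from RADIUS EAP-Message attributes."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not match the data")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return info  # Success/Failure carry no Type field
    eap_type, body = pkt[4], pkt[5:length]
    info["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 3:  # Legacy Nak: body lists the methods the peer wants instead
        info["desired"] = [EAP_TYPES.get(t, t) for t in body]
    elif eap_type == 21 and body:
        flags, tls = body[0], body[1:]
        if flags & 0x80:  # Length Included: skip the 4-byte TLS message length
            tls = tls[4:]
        # TLS record content type 22 = Handshake; handshake type 1 = Client Hello
        info["client_hello"] = len(tls) >= 6 and tls[0] == 22 and tls[5] == 1
    return info

def verdict(info: dict) -> str:
    if info.get("type") == "Legacy Nak":
        return "peer refused the offered method, wants " + ", ".join(map(str, info["desired"]))
    if info.get("client_hello"):
        return "peer accepted EAP-TTLS and started the TLS handshake"
    return "other EAP message"

if __name__ == "__main__":
    for pkt in (LEGACY_NAK, TTLS_CLIENT_HELLO):
        print(verdict(classify_eap(pkt)))
```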
