Cisco Support Community
Community Member

Cisco WLC + 802.1x



We currently have Meraki wireless APs on site and we are using them for corporate access. The authentication method is EAP-PEAP. So basically a user is added to a certain AD group and then his machine gets the certificates from the CA and based on that he's authenticated for the Corporate 


However, now we want to roll out an enterprise-level solution with 2 x 5508 controllers and using flex connec

As you can tell from my question, I am not a Microsoft expert. I need to know what I need to do to use the existing RADIUS infrastructure/authentication policy for the new wireless solution, apart from adding the new controller as a RADIUS client to the RADIUS server?


I look forward to hearing from you soon, and please let me know if you require any further information.


Many thanks in advance!

VIP Purple

As long as a policy is already configured on your RADIUS server to permit access for EAP-PEAP coming from your corporate users, then that should work. Below may be some useful references for you.

On the WLC end you need to configure the RADIUS server for Auth & Accounting and point to that RADIUS server under the WLAN configuration.

As a side note, why FlexConnect? Does this solution involve multiple branches with APs but no WLC at each site?



**** Pls rate all useful responses ***

Community Member

I am also getting this error on RADIUS:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
Security ID: SERVICES\LAP101145$
Account Name: host/
Account Domain: SERVICES
Fully Qualified Account Name: Computers/Laptops/LAP101145
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 18-e7-28-bf-ef-a0
Calling Station Identifier: 08-3e-8e-17-2e-ef
NAS IPv4 Address:
NAS IPv6 Address: -
NAS Identifier: TC2WLC1
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 13
RADIUS Client:
Client Friendly Name: TC2WLC1
Client IP Address:
Authentication Details:
Connection Request Policy Name: Meraki Wifi Authentication
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server:
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
Community Member

Hi Rasika,


Many thanks for your swift response.

The users are corporate users and part of the same AD group that can access the other Meraki WLAN. However, the only difference is that the SSIDs are different, e.g. the Meraki one is called meraki-corp and this one is called cisco corp. I am getting the following error though:

Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 300
Reason: No credentials are available in the security package

Attached are the logs from the controller when the user was trying to connect.

I am using FlexConnect because the controller is in our DC and the APs will be going into different remote sites, hence the data needs to be switched locally on the remote sites.
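A triage sketch for NPS denial events like the two posted in this thread, added here as an example and not part of any poster's reply. It extracts the policy names and reason code and flags a request that landed on one of the network policies a default NPS install ships with; the function names are hypothetical, and it assumes the default policies still sit last in the processing order.

```python
import re

# Network policies a default NPS install ships with; both deny access.
DEFAULT_DENY = {"Connections to other access servers",
                "Connections to Microsoft Routing and Remote Access server"}
WANTED = {"NAS Identifier", "Connection Request Policy Name",
          "Network Policy Name", "Authentication Type", "Reason Code", "Reason"}

# Excerpts of the two events posted in this thread (fields trimmed).
SAMPLE_65 = """\
NAS Identifier: TC2WLC1
Connection Request Policy Name: Meraki Wifi Authentication
Network Policy Name: Connections to other access servers
Authentication Type: EAP
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user.
"""
SAMPLE_300 = """\
                Authentication Type:                           PEAP
                Reason Code:                                        300
                Reason:                                                  No credentials are available in the security package
"""

def parse_nps_event(text):
    """Return the WANTED 'Name: value' fields of an NPS event body."""
    event = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        name = name.strip()
        if sep and name in WANTED:
            # Keep the first occurrence; collapse alignment whitespace.
            event.setdefault(name, re.sub(r"\s+", " ", value).strip())
    return event

def triage(event):
    """List what the event says about why NPS rejected the request."""
    findings = []
    policy = event.get("Network Policy Name")
    if policy in DEFAULT_DENY:
        findings.append(f"fell through to default deny policy '{policy}': "
                        "no earlier network policy's conditions matched")
    if "Reason Code" in event:
        findings.append(f"reason {event['Reason Code']}: {event.get('Reason', '?')}")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_65, SAMPLE_300):
        for finding in triage(parse_nps_event(sample)):
            print(finding)
        print("-")
```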




