Cisco have recently updated the definitions for AMP on the Meraki platform. Included in this is the following rule which blocks all NPS traffic. End users experience a constantly disconnecting/reconnecting switch port and/or wifi connection.
> OS-WINDOWS Microsoft RADIUS Server invalid access-request username denial of service attempt
> **Rule ID:**3-33053 & 3-33053:3
> [cve 2015-0015](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-0015)
> [cve 2016-0050](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0050)
Whitelisting 3-33053 and 3-33053:3 resolves the issue instantly.
---
[[Epistemic status|Colophon: Overbrewed]]