cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4024
Views
0
Helpful
6
Replies

API - Using 8021x-localradius authentication getting Authentication requires 802.1x servers:

DevOps_1999
Community Member

I've created a script using json and localRadius -

I've configured all necessary fields and what looks to be the correct setup. I keep on getting the following error when running the python script. Using localRadius option of 8021x-localradius there are no Radius Servers. Even if I take the json from a working setup and try it again, it does not work.

Has anyone ever had any experience using the API and 8021x-localradius?

Here is the error:

b'{"errors":["Authentication mode requires RADIUS 802.1X servers"]}'

1 Accepted Solution

Accepted Solutions

For those who might come across this problem in the future:

Error: b'{"errors":["Authentication mode requires RADIUS 802.1X servers"]}'

Does require you to specify the radius server property, which I did and made up something completely fake. I think there is a bug in the API which requires the radiusServers to be specified with localRadius. This should not be specified as the radius server in this case IS the meraki AP not an external server.

In JSON format:

"radiusServers": [
{
"host": "1.1.1.1",
"secret": "fdafdasfdas",
"port": 123
}
]
}

Just a note:

When I look at the dashboard setup for this SSID, there are NO radiusServers setup, even though it is in the code. As per the documentation above 8021x-radius and ipsk-with-radius are the only authMethods which need RadiusServers.

View solution in original post

6 Replies 6

Raphael_L
Meraki Community All-Star
Meraki Community All-Star

Hi ,

You have to define the 802.1X Servers. Please refer to the documentation of that endpoint : https://developer.cisco.com/meraki/api-latest/#!update-network-wireless-ssid

I'm pretty sure that you are trying to update a SSID

DevOps_1999
Community Member

Yes, I'm sorry. I'm updating/creating an SSID:

Though I'd technically agree with you - I have a completely working SSID which I pulled configuration from. There are no 802.1x servers defined in the working configuration. What is defined is the ldap servers for querying the certificate validity.

With a localRadius configuration - there is only a definition for Certificate as well as ldap server query settings.

Raphael_L
Meraki Community All-Star
Meraki Community All-Star

On that said SSID , what is the auth mode ( via API and dashboard just to confirm )

Thanks for the reply.

AuthMode string is as specified highlighted in black:

authMode:string

The association control method for the SSID ('open', 'open-enhanced', 'psk', 'open-with-radius', '8021x-meraki', '8021x-nac', '8021x-radius', '8021x-google', '8021x-localradius', 'ipsk-with-radius' or 'ipsk-without-radius')

Let me update a few thoughts:

Here is what the documentation states for localRadius object. It's the local radius on the AP, so there would not be a radius server defined in this circumstance.

localRadius: object

The current setting for Local Authentication, a built-in RADIUS server on the access point. Only valid if authMode is '8021x-localradius'.

radiusServers:array[]

The RADIUS 802.1X servers to be used for authentication. This param is only valid if the authMode is 'open-with-radius', '8021x-radius' or 'ipsk-with-radius'

The RadiusServers are not used with the localRadius, which makes sense.

For those who might come across this problem in the future:

Error: b'{"errors":["Authentication mode requires RADIUS 802.1X servers"]}'

Does require you to specify the radius server property, which I did and made up something completely fake. I think there is a bug in the API which requires the radiusServers to be specified with localRadius. This should not be specified as the radius server in this case IS the meraki AP not an external server.

In JSON format:

"radiusServers": [
{
"host": "1.1.1.1",
"secret": "fdafdasfdas",
"port": 123
}
]
}

Just a note:

When I look at the dashboard setup for this SSID, there are NO radiusServers setup, even though it is in the code. As per the documentation above 8021x-radius and ipsk-with-radius are the only authMethods which need RadiusServers.