07-17-2018 02:54 PM
I'm having a real issue getting RADIUS Disconnect-Messages working with our solution. I've tested and compared them to a quick test I made in FreeRADIUS, which works fine, but my implementation appears the same, yet does not work. I've attached a PCAP that includes the Access, Accounting, and Disconnect Request messages. I'm not currently getting back the response. I have confirmed that the Disconnect-Request can reach Internet destinations by sending disconnect messages to a computer running wireshark off-network.
My RADIUS Server is behind an F5, so it doesn't hold the actual public IP, thus the 10. address.
Accounting Start
Disconnect Request
Please advise!
Download the PCAP off Google Drive
Solved! Go to Solution.
07-08-2019 08:00 AM
I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.
07-17-2018 05:16 PM
What kind of device is this against? A switch? An MX? MR?
07-18-2018 07:46 AM
This is being tested agains MR18s and MR33s
07-07-2019 08:38 AM
I'm having same issue with MR18. Do you have any resolution to this issue?
07-08-2019 08:00 AM
I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.
07-08-2019 07:41 PM
Hi nkarstedt,
I'm little confuse. Where did you add the IP Address of Radius authentication server? From your firewall? Thanks!
07-08-2019 07:46 PM
Correct. When behind an LB, outbound traffic will come from its IP. If you're behind an application configured on the FW/LB, you'll get the same IP from any internet application that will expose your IP (Different from those than can reach your IP FROM the internet). That's the IP that the Meraki cloud will see and must verify as a valid authentication server.
07-10-2019 04:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide