Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21637
Views
35
Helpful
45
Replies

30.7 Update Breaks RADIUS

jpeter
Level 2
Level 2

‎07-15-2024 06:16 PM

We just recently upgraded our eligible APs to 30.7 from 30.5. Immediately afterward all 802.11 auth attempts to our RADIUS servers failed. Thus, we rolled back to 30.5. Has anyone else encountered this issue? I see in the 30.7 release notes a reference to a fix for RADIUS requests when if they had exited the primary management interface if an AMI was defined. In our environment we don't have a AMI defined.

Labels:
45 Replies 45

pjc
Level 4
Level 4

‎07-18-2024 02:31 AM

@skunkytoots and @Brad39 do you both have client balancing enabled on the affected networks ? I've scheduled 30.7 upgrades for next week and we run NPS Radius but we don't use client balancing

Thanks

0 Helpful

jpeter
Level 2
Level 2
In response to pjc

‎07-18-2024 06:29 AM

Yes we have Client Balancing enabled. Perhaps we fall under "very specific configurations".

Brad39
Community Member
In response to pjc

‎07-18-2024 04:01 PM

We have it on, however we tested turning this off to try and fix the issue but didn’t help

ChristianHenn
Community Member

‎07-19-2024 02:09 AM

We had the exact same issue. The only solution was to rollback.

0 Helpful

pjc
Level 4
Level 4

‎07-19-2024 03:24 AM

I've decided to postpone my planned rollout of 30.7. Although we don't use client balancing, @Brad39 stating that turning off client balancing didn't solve the issue is enough for me to be nervous about this, despite me running 30.7 in a small live environment (2 x MR44's) for the past week without issues with radius auth (my normal live test firmware update environment)

0 Helpful

Brad39
Community Member

‎07-22-2024 06:54 PM

It’s a strange one, in the end this looks to have only affected 2 out of around 30 networks in our org, all very similarly configured. We are just going to hold off on 30.7 for those two and possibly jump to the next release.

redsector
Level 8
Level 8
In response to Brad39

‎07-24-2024 03:05 AM

I have got the same issue

0 Helpful

redsector
Level 8
Level 8

‎07-24-2024 03:07 AM

I have got also issues with Cisco ISE 3.2 Errors occured since ugrading ISE from 2.7 to 3.2 and Meraki MR30.6 to MR30.7

0 Helpful

telcorinc
Level 2
Level 2

‎07-24-2024 07:00 AM

Had this exact issue going from 29.X to 30.7. Any SSID using radius was broken. We backend with ISE. Rolled back to fix for now.

0 Helpful

user3471
Community Member

‎07-24-2024 11:31 AM

Similar experience here after seven networks with MR42 (and some MR86) APs upgraded from MR 29.5.1 to MR 30.7 overnight.

We have various SSIDs configured across the seven networks in question.

We experienced at least two networks where an SSID configured for Identity PSK with RADIUS did not permit clients to move past the association step.

Event logs showed clients attempting to associate but never moving to the wpa_auth step. After not too long, associations from clients on the SSID in question were failing with reason code 17.

Finding this thread (and another thread on Reddit), we disabled client balancing and the symptoms subsided.

The remaining networks that have an SSID configured for Identity PSK with RADIUS do not currently have active clients that would be attempting to use that SSID, so we don't yet know if they're affected.

Like others, we've opened a case with Meraki support to report the issue and seek more details.

pjc
Level 4
Level 4

‎07-25-2024 04:47 AM

Being reported on Reddit

https://www.reddit.com/r/meraki/comments/1e35rty/mr_307_causes_association_error_17/

I'm gonna hold of upgrading until confirmed fixed in future release

jpeter
Level 2
Level 2
In response to pjc

‎09-02-2024 07:56 AM

This might be it. Our affected SSID is in Slot9.

0 Helpful

kenneth.thomson
Community Member

‎08-08-2024 06:57 AM

this seems specific to the AP model , we have MR57 and 30.7 with no issues . However other offices with mr33 do have issues. Meraki have not been very forthcoming with support

BWIT1
Community Member
In response to kenneth.thomson

‎08-09-2024 05:17 AM

Hi

We had the issue with MR46's with NPS

One of my networks I applied the workaround of diabling the client balencing, the others I chose to roll back.

The best part is meraki support said

'a fix has been developed by our engineering team and should be available in the next firmware releases of MR 30.8 & MR 31.1.2'

However 30.8 is not yet avaible and 31.1.2 has already been superseeded by 31.1.3 in beta. 🙄

Even worse than that, I asked why this known issue was not noted on the release notes and could the add it, they said

'While it is true that there is a known issue with SSID and client balancing in version 30.7, not all customers utilize these specific features, so they will not be impacted by this issue.' ...'Furthermore, the request to update the release notes of firmware upgrades immediately upon issue identification cannot be fulfilled by Meraki Support directly. Nevertheless, we have the means to relay feedback and information to our internal development team. Notably, utilizing the "leave feedback" function'.👏

The point being, I dont know why they can't retrospectivly add a note the release notes of 30.7 to mention this known issue, its not a secret.

Finally, the best part, even though I have an active support case about this issue, Meraki's automation decided to schedule updates to 30.7 for my remaing networks last week. 😒

JMI
Level 1
Level 1

‎09-02-2024 02:14 AM

As per the recent findings in the Reddit thread mentioned earlier - avoid SSID slot #9.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card