
Issue with AAA server auth req routing

Tribbio
Community Member

Hi everybody.

I have a problem with my radius server.

I have an SSID (on site A) that uses a VM with freeradius (on site B).

Both sites are linked to each other with a VPN connection.

In my SSID configuration I put a public address 193.xxx.xxx.95 (which is the IP address on the VM) in the field MyRadius.

The AAA process seems to work, but every time someone tries to connect on site A, the radius server receives auth requests from the public IP of site A.

Therefore, the connection passes through the internet instead of the VPN connection.

I've already configured a VPN connection through public IP 193.xxx.xxx.3 (site B).

And other SSIDs are able to communicate with other radius servers (on site B) through the VPN; the only difference is that the other SSIDs use radius servers configured with a local IP (172.xxx.xxx.xxx).

Can someone please tell me how to direct traffic through the VPN using 193.xxx.xxx.95?

Thank you.

7 Replies

Raphael_L
Meraki Community All-Star

Hi,

Why are you not using the LAN IP of the Radius server? Is the routing between the 2 sites even working?

Unfortunately the Radius is a VM with only an ethernet interface (configured with a public IP). Is it necessary, or is there another way to bypass this issue?

I mean, I think I could add another interface with a local IP address.

Do u think this will solve the problem?

Raphael_L
Meraki Community All-Star

What a weird setup.

You are sending / receiving RADIUS requests over the Internet without encryption (RadSec)?

Yep I know ahahha.

I'm talking abt freeradius, for eduroam service.

If u know this service.

aleabrahao
Meraki Community All-Star

You have to use your radius private IP instead of the public IP.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Unfortunately the Radius is a VM with only an ethernet interface (configured with a public IP). Is it necessary, or is there another way to bypass this issue?

I mean, I think I could add another interface with a local IP address.

Do u think this will solve the problem?

aleabrahao
Meraki Community All-Star

I highly advise you to do this instead of leaving your server exposed to the internet.
