06-10-2024 09:12 AM
Hello Community,
We are having intermittent Radius authentication issues last couple month now. Here is some background regarding our configuration:
We have 2 SSID is setup across all offices which are xxx_CORP and xxx_GUEST.
xxx_GUEST is based on permanent password authentication and works without issues.
However xxx_CORP is configured with Radius Authentication with certificate, and our radius
provider is radius-as-a-service.com. Intermittently our corporate devices like laptops are having
issues to connect. When I pull Meraki portal logs regarding authentication I see lots of these errors:
Client made an 802.1X authentication request to the RADIUS server, but it did not respond.auth_mode='wpa2-802.1x' vlan_id='50' radius_proto='ipv4' radius_ip='127.0.0.1' reason='radius_timeout' reassoc='1' radio='1' vap='0' channel='44' rssi='42'
With radius server we use secure radius configuration utilizing RadSec over TCP. I wondering why in the logs showing radius
server address as "127.0.0.1" why not actual radius server address configured ?
If anybody have any advice or experience I really appreciate your input.
Thank you very much.
06-10-2024 09:23 AM
06-10-2024 09:31 AM
Thank you @alessandrodematos for quick response, here is firmware info:
Current version: MR 30.6
We upgraded couple month ago that also kind a aligns with radius issues, I have to check.
06-10-2024 02:06 PM
What does the RADIUS server log show? Is it seeing the authentication request coming in? Is it allowing it or denying it (and if deny, why)?
06-11-2024 08:45 AM
Hey PhillipDath.
No unfortunately I do not see deny requests on Radius server. Especially from devices it has been issues. That's baffling me.
06-11-2024 08:50 AM
In your place I would try to downgrade or upgrade to another version just to test. It would be interesting to request support from Meraki support.
06-14-2024 06:36 AM
Hello,
It is expected to observe 127.0.0.1 IP address while using the RADSec over TCP. Did you notice if the Access-Request messages are reaching your RADIUS server?
I will also recommend calling support to take a packet capture and confirm where the RADIUS authentication is failing on your network.
10-21-2024 03:53 AM
Was there ever a fix for this? I've got a similar issue using a cloud based Radsec provider.
The client will authenticate in the end but it generates alerts along the way...
10-21-2024 11:11 AM
No never fixed the issue, but occurrences is decreased. I suspecting Radius-as-Service issue. I'm still building on prem solution for this issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide