Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

On-Prem Meraki Radius --> NPS Azure VM

Solved
DrakeKammer
Here to help
‎Feb 26 2024 7:19 AM
‎Feb 26 2024 7:19 AM

On-Prem Meraki Radius --> NPS Azure VM

We've migrated the on-prem Active Directory environment to azure and have an existing VPN pipeline.

 

We're struggling to get Meraki to send the requests over the S2S VPN.  We're using the NPS azure vm private ip within the meraki portal.

 

We thought since there was an existing VPN connection, that we could just spin up a new NPS/DC and change Meraki to forward the request to the azure vm via the S2S vpn.

 

I have event logs of on-prem devices talking to azure resources over the S2S, but cannot get the radius request to flow, or so it seems.

 

Any layers or breaking points to look into?  

 

I don't have good log files as of yet.

0 Kudos
Subscribe
1 Accepted Solution
11 Replies 11
rhbirkelund
Kind of a big deal
‎Feb 26 2024 7:44 AM
‎Feb 26 2024 7:44 AM

Iirc radius messages are sourced from the highest VPN enabled VLAN on the MX. E.g. If you have vlans 1, 10, and 20, and 1 and 10 are VPN enabled, it will be vlan 10 that the radius messages are sourced from.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Subscribe
In response to CptnCrnch
DrakeKammer
Here to help
‎Feb 29 2024 7:10 AM
‎Feb 29 2024 7:10 AM

Added routes to azure network gateway for the highest numbered VLAN and 6.X.X.X

0 Kudos
Subscribe
DrakeKammer
Here to help
‎Feb 26 2024 9:01 AM
‎Feb 26 2024 9:01 AM

What if VLAN 10 isn't where the Radius server lives, but rather VLAN 1.  

 

0 Kudos
Subscribe
In response to DrakeKammer
cmr
Kind of a big deal
Kind of a big deal
‎Feb 26 2024 12:10 PM
‎Feb 26 2024 12:10 PM

Create a route from VLAN 10 to 1 or move the RADIUS server?

0 Kudos
Subscribe
In response to cmr
DrakeKammer
Here to help
‎Feb 26 2024 12:17 PM
‎Feb 26 2024 12:17 PM

So since the original Radius server was on-prem, VLAN priority didn't matter?  As it currently stands, using the on-prem radius server, our highest VLAN is 300, and the VLAN where the on-prem Radius server lives is on VLAN 1.  That's why I'm somewhat confused.

 

But since we're moving to a S2S tunnel for radius, it needs to be in the highest VLAN possible?

 

Where as on-prem it didn't matter?

0 Kudos
Subscribe
In response to DrakeKammer
cmr
Kind of a big deal
Kind of a big deal
‎Feb 26 2024 12:20 PM
‎Feb 26 2024 12:20 PM

Can the on prem RADIS server route to VLAN 300 and can the cloud one not?

0 Kudos
Subscribe
In response to cmr
DrakeKammer
Here to help
‎Feb 26 2024 12:35 PM
‎Feb 26 2024 12:35 PM

Might be on to something.  Yes I can ping VLAN 300 from the on-prem, but not from the azure vm.  I can ping other on-prem devices.  But it doesn't appear I can talk to VLAN300.

Subscribe
In response to cmr
DrakeKammer
Here to help
‎Feb 29 2024 7:10 AM
‎Feb 29 2024 7:10 AM

Solved.  Thank you.

 

Added routes to azure network gateway for the highest numbered VLAN and 6.X.X.X

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 26 2024 12:21 PM
‎Feb 26 2024 12:21 PM

A common issue I run into is that Windows does not correctly configure Windows Firewall to allow NPS traffic.  You need to either add extra firewall rules or disable Windows firewall.

Subscribe
In response to PhilipDAth
DrakeKammer
Here to help
‎Feb 26 2024 12:36 PM
‎Feb 26 2024 12:36 PM

one of the first things I tried after seeing the server 2019 bug.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.