RADIUS Disconnect-Request Issue

SOLVED
nkarstedt
Here to help

RADIUS Disconnect-Request Issue

I'm having a real issue getting RADIUS Disconnect-Messages working with our solution. I've tested and compared them to a quick test I made in FreeRADIUS, which works fine, but my implementation appears the same, yet does not work. I've attached a PCAP that includes the Access, Accounting, and Disconnect Request messages. I'm not currently getting back the response. I have confirmed that the Disconnect-Request can reach Internet destinations by sending disconnect messages to a computer running wireshark off-network.

My RADIUS Server is behind an F5, so it doesn't hold the actual public IP, thus the 10. address.

 

Accounting StartAccounting StartDisconnect RequestDisconnect Request

 

Please advise!

 

Download the PCAP off Google Drive

1 ACCEPTED SOLUTION

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

View solution in original post

7 REPLIES 7
PhilipDAth
Kind of a big deal
Kind of a big deal

What kind of device is this against?  A switch?  An MX?  MR?

This is being tested agains MR18s and MR33s

I'm having same issue with MR18. Do you have any resolution to this issue?

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

Hi  nkarstedt,

 

I'm little confuse. Where did you add the IP Address of Radius authentication server? From your firewall? Thanks!

Correct. When behind an LB, outbound traffic will come from its IP. If you're behind an application configured on the FW/LB, you'll get the same IP from any internet application that will expose your IP (Different from those than can reach your IP FROM the internet). That's the IP that the Meraki cloud will see and must verify as a valid authentication server.

Hi nkarstedt,

Thanks! I'll apply your solution to my setup
Get notified when there are additional replies to this discussion.