Meraki

Community

RADIUS Disconnect-Request Issue

Solved
nkarstedt
Here to help
‎Jul 17 2018 2:54 PM
‎Jul 17 2018 2:54 PM

RADIUS Disconnect-Request Issue

I'm having a real issue getting RADIUS Disconnect-Messages working with our solution. I've tested and compared them to a quick test I made in FreeRADIUS, which works fine, but my implementation appears the same, yet does not work. I've attached a PCAP that includes the Access, Accounting, and Disconnect Request messages. I'm not currently getting back the response. I have confirmed that the Disconnect-Request can reach Internet destinations by sending disconnect messages to a computer running wireshark off-network.

My RADIUS Server is behind an F5, so it doesn't hold the actual public IP, thus the 10. address.

 

Accounting StartAccounting StartDisconnect RequestDisconnect Request

 

Please advise!

 

Download the PCAP off Google Drive

Labels:
0 Kudos
1 Accepted Solution
In response to justinmark
nkarstedt
Here to help
‎Jul 8 2019 8:00 AM
‎Jul 8 2019 8:00 AM

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

View solution in original post

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 17 2018 5:16 PM
‎Jul 17 2018 5:16 PM

What kind of device is this against?  A switch?  An MX?  MR?

0 Kudos
In response to PhilipDAth
nkarstedt
Here to help
‎Jul 18 2018 7:46 AM
‎Jul 18 2018 7:46 AM

This is being tested agains MR18s and MR33s

0 Kudos
In response to nkarstedt
justinmark
Comes here often
‎Jul 7 2019 8:38 AM
‎Jul 7 2019 8:38 AM

I'm having same issue with MR18. Do you have any resolution to this issue?

0 Kudos
In response to justinmark
nkarstedt
Here to help
‎Jul 8 2019 8:00 AM
‎Jul 8 2019 8:00 AM

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

0 Kudos
In response to nkarstedt
justinmark
Comes here often
‎Jul 8 2019 7:41 PM
‎Jul 8 2019 7:41 PM

Hi  nkarstedt,

 

I'm little confuse. Where did you add the IP Address of Radius authentication server? From your firewall? Thanks!

0 Kudos
In response to justinmark
nkarstedt
Here to help
‎Jul 8 2019 7:46 PM
‎Jul 8 2019 7:46 PM

Correct. When behind an LB, outbound traffic will come from its IP. If you're behind an application configured on the FW/LB, you'll get the same IP from any internet application that will expose your IP (Different from those than can reach your IP FROM the internet). That's the IP that the Meraki cloud will see and must verify as a valid authentication server.

0 Kudos
In response to nkarstedt
justinmark
Comes here often
‎Jul 10 2019 4:46 AM
‎Jul 10 2019 4:46 AM

Hi nkarstedt,

Thanks! I'll apply your solution to my setup
0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.