cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RADIUS Disconnect-Request Issue

SOLVED
Here to help

RADIUS Disconnect-Request Issue

I'm having a real issue getting RADIUS Disconnect-Messages working with our solution. I've tested and compared them to a quick test I made in FreeRADIUS, which works fine, but my implementation appears the same, yet does not work. I've attached a PCAP that includes the Access, Accounting, and Disconnect Request messages. I'm not currently getting back the response. I have confirmed that the Disconnect-Request can reach Internet destinations by sending disconnect messages to a computer running wireshark off-network.

My RADIUS Server is behind an F5, so it doesn't hold the actual public IP, thus the 10. address.

 

Screen Shot 2018-07-17 at 5.56.48 PM.pngAccounting StartScreen Shot 2018-07-17 at 5.56.56 PM.pngDisconnect Request

 

Please advise!

 

Download the PCAP off Google Drive

1 ACCEPTED SOLUTION

Accepted Solutions
Here to help

Re: RADIUS Disconnect-Request Issue

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

7 REPLIES 7
Kind of a big deal

Re: RADIUS Disconnect-Request Issue

What kind of device is this against?  A switch?  An MX?  MR?

Here to help

Re: RADIUS Disconnect-Request Issue

This is being tested agains MR18s and MR33s

Comes here often

Re: RADIUS Disconnect-Request Issue

I'm having same issue with MR18. Do you have any resolution to this issue?

Here to help

Re: RADIUS Disconnect-Request Issue

I did. Adding the outbound IP address as a RADIUS authentication server solves the problem.

Comes here often

Re: RADIUS Disconnect-Request Issue

Hi  nkarstedt,

 

I'm little confuse. Where did you add the IP Address of Radius authentication server? From your firewall? Thanks!

Here to help

Re: RADIUS Disconnect-Request Issue

Correct. When behind an LB, outbound traffic will come from its IP. If you're behind an application configured on the FW/LB, you'll get the same IP from any internet application that will expose your IP (Different from those than can reach your IP FROM the internet). That's the IP that the Meraki cloud will see and must verify as a valid authentication server.

Comes here often

Re: RADIUS Disconnect-Request Issue

Hi nkarstedt,

Thanks! I'll apply your solution to my setup
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.