I'm having a real issue getting RADIUS Disconnect-Messages working with our solution. I've tested and compared them to a quick test I made in FreeRADIUS, which works fine, but my implementation appears the same, yet does not work. I've attached a PCAP that includes the Access, Accounting, and Disconnect Request messages. I'm not currently getting back the response. I have confirmed that the Disconnect-Request can reach Internet destinations by sending disconnect messages to a computer running wireshark off-network.
My RADIUS Server is behind an F5, so it doesn't hold the actual public IP, thus the 10. address.
Solved! Go to Solution.
I'm little confuse. Where did you add the IP Address of Radius authentication server? From your firewall? Thanks!
Correct. When behind an LB, outbound traffic will come from its IP. If you're behind an application configured on the FW/LB, you'll get the same IP from any internet application that will expose your IP (Different from those than can reach your IP FROM the internet). That's the IP that the Meraki cloud will see and must verify as a valid authentication server.