Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Changing new Radius server IP address in Template group

Solved
Iamyour_Joy33
Getting noticed
‎May 21 2024 12:59 AM
‎May 21 2024 12:59 AM

Changing new Radius server IP address in Template group

Hello All Meraki Expertise,

 

Currently we are using Cisco ISE Radius on Cisco Meraki template group. As we are having migration Cisco ISE from Appliance to VM, we use new IP address of ISE VM.

 

Currently we got an issue after changing Radius server IP from the old one to the new one on template group, which is we don't see our client device not try to re-authenticate with new Radius IP address.

 

I would like to know that is there any solution for force client to authenticate to new ISE IP address?

 

As we have tried is disable and enable port in Dashboard template but the problem is that our client is always up.

 

Thanks,

Joy

0 Kudos
Subscribe
1 Accepted Solution
In response to RaphaelL
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 21 2024 7:35 AM
‎May 21 2024 7:35 AM

Just looked at my notes. On a MX , changing the RADIUS server breaks the re-auth process. We had to disable / enable the ports on a MX. 

 

Once that is done , the original re-auth hourly restarts.  No idea if it is a bug or a feature but 802.1X on MX is pretty basic / poopy.

View solution in original post

Subscribe
11 Replies 11
Iamyour_Joy33
Getting noticed
‎May 21 2024 1:02 AM
‎May 21 2024 1:02 AM

Kindly informed that we told the user that it is not impact to the operation but if we give them solution to unplug and plug network port, they will still have concerns.

 

 

I think Meraki solution should has force client to authenticate to new server, also could you please guide me how to check authenticate retry time in Meraki dashboard.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 21 2024 1:32 AM
‎May 21 2024 1:32 AM

Are you talking about using the Org-wide RADIUS feature?

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

 

0 Kudos
Subscribe
In response to PhilipDAth
Iamyour_Joy33
Getting noticed
‎May 22 2024 9:15 PM
‎May 22 2024 9:15 PM

Hi Philip,

 

Thanks for your document, we just face the issue after changing new Radius server on MX, Client does not authenticate to new server unless unplug and plug port again or disable and enable port back.

 

Thanks,

Joy

0 Kudos
Subscribe
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 21 2024 7:30 AM
‎May 21 2024 7:30 AM

Where are you configuring the RADIUS settings ?  On a MX ? MS ? MR ?

 

 

We had the same deployement couple weeks ago and found some strange behavior on all 3.

0 Kudos
Subscribe
In response to RaphaelL
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 21 2024 7:35 AM
‎May 21 2024 7:35 AM

Just looked at my notes. On a MX , changing the RADIUS server breaks the re-auth process. We had to disable / enable the ports on a MX. 

 

Once that is done , the original re-auth hourly restarts.  No idea if it is a bug or a feature but 802.1X on MX is pretty basic / poopy.

Subscribe
In response to RaphaelL
Iamyour_Joy33
Getting noticed
‎May 22 2024 9:07 PM
‎May 22 2024 9:07 PM

Hello Raphael,

 

We have inform Business that there is no interrupt to operation, our client connected to MX are offsite ATM. 

 

As per picture i shared to you, we can only use disable and enable on that interface so that client can re-auth to server.

 

I would like to know if there is any force client to re-auth without downtime?

 

Thanks,

Joy

0 Kudos
Subscribe
In response to Iamyour_Joy33
Iamyour_Joy33
Getting noticed
‎May 22 2024 9:13 PM
‎May 22 2024 9:13 PM

As I know, there should be an re-auth time for client to Radius server.

0 Kudos
Subscribe
In response to Iamyour_Joy33
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 23 2024 4:45 AM
‎May 23 2024 4:45 AM

Hi , we also did migrate the RADIUS server of 800 offsite ATMs. The downtime is the time that you flap the port which is around 10-15 seconds.

 

The re-auth timer is not customizable and is hardcoded in the MX for 1hour.

0 Kudos
Subscribe
In response to RaphaelL
Iamyour_Joy33
Getting noticed
a month ago
a month ago

Hi, seem downtime is the same from our site. By the way, thank you for your information.

 

 

0 Kudos
Subscribe
In response to RaphaelL
Iamyour_Joy33
Getting noticed
‎May 23 2024 12:24 AM
‎May 23 2024 12:24 AM

Hello Raphael,

 

Thanks for your solution. it worked now by disable and enable port on MX but it take affect around 10 second to push from cloud. By the way, could you tell me where to change original re-auth hour?

0 Kudos
Subscribe
In response to RaphaelL
Iamyour_Joy33
Getting noticed
‎May 22 2024 9:05 PM
‎May 22 2024 9:05 PM

Hello Raphael,

 

Actually, We configure Radius on template, where we can configure Radius on MX port.

 

our organization only have MX.

 

Iamyour_Joy33_0-1716437065113.png

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.