MX17+ RADIUS messages that transit across AutoVPN may fail to be routed correctly.

RaphaelL
Kind of a big deal
Kind of a big deal

MX17+ RADIUS messages that transit across AutoVPN may fail to be routed correctly.

Hi ,

 

Has anyone encountered this issue yet ?

 

We have 1500++ networks and only like 20-30 networks were affected. All running MX18.107

 

Symtoms : RADIUS packet loss inside the VPN. Take a packet capture and you will see RADIUS retransmissions ( dupplicate requests )

 

This bug is listed in the release notes of all firmware versions of MX17 and MX18.

6 Replies 6
NJNetworkGuy100
Getting noticed

We had something similar to this issue. 

 

Our corp SSID uses Radius auth from Windows 2016 NPS servers in our data centers, and for some reason, ONLY the MX's with wifi were failing when clients connected to the corp SSID.  Since the NPS servers were in the data center, the Radius requests went over the AutoVPN.  

 

We switched those networks to using a MR instead of a MX with wifi, and we had no issue after that.  

 

We were hoping a firmware update would fix the issue, but switching to a MR for wifi was the only solution.  

RaphaelL
Kind of a big deal
Kind of a big deal

Interesting. Had you open a ticket ?

PhilipDAth
Kind of a big deal
Kind of a big deal

By chance, was this specifically MX64W - or were other models also affected?

NJNetworkGuy100
Getting noticed

A bunch of MX68W's and a MX65W were affected.  We don't have any MX64W's running around.  

 

We did open a ticket, and they wanted us to do live packet captures while on the phone with support, and I never got around to doing that.  It was quicker to just add a MR to those production networks, and then upgrade to the 17.x firmware.  

Brash
Kind of a big deal
Kind of a big deal

I'm running MX17.x across the board (far less sites than your though) and haven't hit the issue.

Back in the day I raised a Meraki support case but they couldn't give me any further details and told me not to upgrade off 16.x. Given I was being auto-scheduled upgrades and the pilot sites on 17.x hadn't hit the issue I decided to upgrade across the board.
We have a mix of MX68, MX75, MX85, MX105

RaphaelL
Kind of a big deal
Kind of a big deal

Good to hear ! 

 

We do have a mix of MX65,MX65W,MX68,MX68CW,MX85,MX250.

 

The workaround seems to be disabling IPS/IDS as reported by Support.


We upgraded from 15.44 to 18.107 after months of tests on our pilot sites without issues and we started to encounter that issue like 2-3 weeks after the upgrade which seems odd haha

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels