RADIUS server for VPN question?

lakshadvio
New here

RADIUS server for VPN question?

I've enabled RADIUS option on Meraki dashboard so users can login with their Active Directory / Windows account.  This is working.  I have 2 RADIUS servers, and I have both of them added in the Meraki dashboard.

 

My question is, since I have 2 RADIUS servers, do they do 'load sharing'?  For example, does all the RADIUS requests go to the first RADIUS server all the time or does the second RADIUS server take over automatically?

 

 

Plus, I have some users that doesn't log out of VPN when they're done and put their computers to sleep.  But sometimes they get an error (756 This connection is already being dialed.) when they try to connect again.  If they sign out / restart their laptops and try again this works.  

 

Lastly, does Meraki have any plans to make a 10GB router?  My ISP speed is 100 Mbps / 100 Mbps.  Almost all my switches at work is 10GB. 

7 REPLIES 7
CptnCrnch
Kind of a big deal

As to your first question:

No, the first configured RADIUS server will be used until it isn't reachable anymore from the NAD. Then it will automatically fail over to the second, third, ... one.

 

As to the last question:

Please note that this is a community forum. Of course there are some fellow Meraki-employees helping us out here, but the best option would probably be getting in contact with your sales rep.

PhilipDAth
Kind of a big deal

The Meraki MX250 and MX450 both have 10Gbe interfaces - but they are not for home use.  They are designed for data centres.

 

>But sometimes they get an error (756 This connection is already being dialed.) when they try to connect again.

 

That's a Microsoft issue that one.  Nothing Meraki can do about it.

Why would I need a RADIUS server if my clients can connect and authenticate with Active Directory? When do I need a RADIUS server? shareit app vidmate

The Windows VPN client does not use any authentication protocol that is supported by Active Directory natively.  So you have to use something to go between them - a RADIUS server.

cmr
Kind of a big deal
Kind of a big deal

The Microsoft NPS is such a tool, it has RADIUS conversations on one side and talks to AD on the other.

tantony
Head in the Cloud

That's what I'm using for my VPN authentication.  

Completely dependent on the network device. Most of them will query the first RADIUS server and fall back to the second one in case the first is not reachable / takes too long to answer.

 

If you want load sharing, you'd stick to an external load balancer.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels