Meraki

Community

Trouble connecting to Radius server for Access Policy for a the switch

Announcer
Getting noticed
‎Aug 18 2023 8:30 AM
‎Aug 18 2023 8:30 AM

Trouble connecting to Radius server for Access Policy for a the switch

I have client vpn setup with Radius enabled and working so I know the Radius portion is working.  I am trying to setup an Access Policy to enable 802.1x on a switch port.  When I enter the info of the radius server it fails the test.  What do I need to configure on the radius server side to make this work?  ap.JPG

0 Kudos
6 Replies 6
ww
Kind of a big deal
Kind of a big deal
‎Aug 18 2023 8:39 AM
‎Aug 18 2023 8:39 AM

Did you add the switch management ip/subnet  to the radius server. Or does your radius server accept radius requests from any ip

0 Kudos
In response to ww
Announcer
Getting noticed
‎Aug 18 2023 9:12 AM
‎Aug 18 2023 9:12 AM

Ok, let me try that.  I currently have the gateway (MX100) ip being accepted.  

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 18 2023 8:40 AM
‎Aug 18 2023 8:40 AM

What Radius are you using?

 

Check the documentation.

 

 

https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Access_Policies_on_MS_Switches...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Announcer
Getting noticed
‎Sep 1 2023 2:03 PM
‎Sep 1 2023 2:03 PM

Documentation really helped.  If I want to test this on just one switch ( have 3), and on just one port, will all connected clients be affected when I make this on the NPS?  Or does it only get applied when it is applied via Meraki?

0 Kudos
JamesC_AB
Here to help
‎Aug 18 2023 8:49 AM
‎Aug 18 2023 8:49 AM

Assuming you're using a Microsoft Windows NPS (RADIUS) server, here's some more up to date Microsoft documentation for adding the IP address of the Meraki switch(es) to the server:
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-radius-clients-conf...

Without first adding those IPs to the RADIUS server, RADIUS requests may just be ignored.

Further, you can confirm the IP address that the switches are using to communicate with the RADIUS server by taking a packet capture (filtered for UDP port 1812 on whichever port is connecting to the RADIUS server) while attempting to authenticate a network client. Then look at the "NAS-IP-Address" attribute field for each switch:

 

JamesC_AB_0-1692373563284.png

It'll likely just be the management IP address, but if you're using Layer 3 routing on the switches, it might be good idea to confirm.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 20 2023 12:52 PM
‎Aug 20 2023 12:52 PM

Take a look at the RADIUS server log and see what reason it gave for denying the connection request.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.