VLAN & Radius - Confusion!

SprScott
New here


Hi 

 

I have previously had my MX64 appliance running as a single LAN with a RADIUS SSID broadcasting.

 

The RADIUS client is set up within NPS as 192.168.106.1.

 

I have since created 4 VLANs to separate the network as per below.

 

Subnet                 Host range           Name            VLAN
192.168.106.0/25       192.168.*.1 - 126    Default Vlan    1
192.168.106.128/27     192.168.*.129-158    Staff Only      2
192.168.106.160/27     192.168.*.161-190    Pupil Only      3
192.168.106.192/28     192.168.*193-206     Admin           4

 

Since adding these VLANs I noticed that clients could no longer connect to the RADIUS SSID. Upon looking at the logs I could see that the requests were coming into NPS and failing, as the MX IP of VLAN 4 was not set up as a client within NPS.

 

If I add this, RADIUS works fine on client PCs.

 

My problem is my RADIUS SSID is set to use VLAN 1, so why does the RADIUS request come from the VLAN 4 MX IP?

 

Is it by design that the highest VLAN makes RADIUS requests?

 

Any advice or guidance on why this is happening, so I can understand, will be much appreciated. If you need any further information from me, please ask.

 

Thanks

 

Scott

3 REPLIES
PhilipDAth
Kind of a big deal

Have you got the AP connected to a trunk port on your switch?

The SSID should be configured to bridge into whatever other VLAN you want the clients to be on.

 

You can also override the VLAN the AP uses to send the RADIUS messages on the screen where you can configure its IP address, but you should not need to do this for your case.

Thanks for your reply.

 

All my VLANs work as expected.

 

All I can't understand is why on my NPS server I have to change the address of my RADIUS client from 192.168.106.1 to the MX IP I set for VLAN 4 to allow RADIUS to work.

 

 

PhilipDAth
Kind of a big deal

Either the native VLAN is 4 on the switch side, or you have configured the access point to use VLAN 4.
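
Added example (not part of the thread, and not Meraki or Microsoft code): a small Python check that takes the source addresses seen in rejected RADIUS requests, maps each one onto the VLAN plan from the original post, and reports which ones are not registered as NPS RADIUS clients. The log lines and the VLAN 4 address 192.168.106.193 are constructed for illustration; the thread does not give the real MX address or log format.

```python
import ipaddress
import re

# VLAN plan copied from the original post: subnet -> (VLAN ID, name).
VLANS = {
    ipaddress.ip_network("192.168.106.0/25"): (1, "Default"),
    ipaddress.ip_network("192.168.106.128/27"): (2, "Staff Only"),
    ipaddress.ip_network("192.168.106.160/27"): (3, "Pupil Only"),
    ipaddress.ip_network("192.168.106.192/28"): (4, "Admin"),
}

# RADIUS client registered in NPS, as stated in the post.
NPS_CLIENTS = {ipaddress.ip_address("192.168.106.1")}

# Constructed sample lines (not real NPS output). 192.168.106.193 is an
# assumed VLAN 4 interface address; the post does not state the real one.
SAMPLE_LOG = """\
rejected radius request src=192.168.106.193 reason=unknown-client
rejected radius request src=192.168.106.193 reason=unknown-client
accepted radius request src=192.168.106.1
rejected radius request src=10.9.9.9 reason=unknown-client
"""

SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")

def vlan_for(addr):
    """Return (vlan_id, name) for the subnet containing addr, or None."""
    for net, info in VLANS.items():
        if addr in net:
            return info
    return None

def unregistered_sources(log_text, clients=NPS_CLIENTS):
    """Map each request source that is not an NPS client to its VLAN (or None)."""
    findings = {}
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        if addr not in clients:
            findings[str(addr)] = vlan_for(addr)
    return findings

if __name__ == "__main__":
    for src, vlan in unregistered_sources(SAMPLE_LOG).items():
        where = f"VLAN {vlan[0]} ({vlan[1]})" if vlan else "outside the VLAN plan"
        print(f"{src}: not an NPS RADIUS client, {where}")
```

A source that lands in an unexpected VLAN points at the native VLAN or AP VLAN setting described in the reply above; a source outside the plan altogether should be investigated before it is ever added as a client.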
