Z3 - Using wrong VLAN as source on RADIUS requests

SOLVED
Grumples
Here to help

Z3 - Using wrong VLAN as source on RADIUS requests

Hello all.  I'm trialing some Z3 appliances.  My Z3 has a default VLAN (192.168.50.1) and VLAN2 for voice (172.16.50.1).

 

When I first setup the Z3, I didn't have the voice VLAN created.  And when I setup a wireless SSID with RADIUS authentication, it worked great.  But since adding the 2nd VLAN, my laptop will not connect to this same SSID.

 

I was poking around my RADIUS server, and I found System Events like this:

A RADIUS message was received from the invalid RADIUS client IP address 172.16.50.1.

 

So, for reasons that I haven't been able to determine, the RADIUS requests from the Z3 are going to my RADIUS server with a source IP = 172.16.50.1 (Voice VLAN) when they should be going out with source IP = 192.168.50.1.

 

On my SSID, the VLAN Assignment = Default (1).  I can't think what other setting that I need to look for to correct this.  But yet I feel like I'm missing something really simple.

 

Anyone else have experience with RADIUS and multiple VLAN on the Z3?

 

Thanks, much.

1 ACCEPTED SOLUTION
Jerome_EVAGroup
Here to help

If I remember correctly, the behavior is to pick the interface with the highest VLAN for radius trafic

 

I remember I used to configure a dummy VLAN 1000 for this purpose

View solution in original post

4 REPLIES 4
Jerome_EVAGroup
Here to help

If I remember correctly, the behavior is to pick the interface with the highest VLAN for radius trafic

 

I remember I used to configure a dummy VLAN 1000 for this purpose

@Jerome_EVAGroupYour memory is good, indeed.  I setup dummy VLAN 1000 and now my laptop is connected.  I hope Meraki considers this a flaw or bug that will be corrected.  But, the main thing is, this works and is a solution I can replicate on each Z3.

 

Thanks!

PhilipDAth
Kind of a big deal
Kind of a big deal

Some devices let you configure an "Alternative Management Interface" to control which one is used for RADIUS.  Not sure about the Z3.

https://documentation.meraki.com/MR/Other_Topics/Alternate_Management_Interface_on_MR_Devices 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels