Meraki

Community

SecurePort auth timeout recovery

RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 5 2023 11:55 AM
‎Dec 5 2023 11:55 AM

SecurePort auth timeout recovery

Hi ,

 

It is already snowing in Canada so the fun has started with many outages across the country and causing some issues for us. 

 

Atleast 1 to 3 switchports are reported per week as : SecurePort authentication timeout

 

After looking at the doc : https://documentation.meraki.com/MS/Access_Control/SecurePort_(formerly_known_as_SecureConnect)

 

I don't see any recovery mechanism other than : The APs will have 3 attempts of 5 seconds each to authenticate If this authentication fails, the switch's port will fall into a restricted state.

 

What ends up happening is that the hardware is up but the VPN or the Internet access is still down ( MX and MS/MR are booting faster than the ISP router ). The APs are doing their 3 attempts and then times out. 

 

Having a recovery timer of let's say every 5 min and the auth process starts again would be nice and would prevent me of cycling those ports. 

 

Am I missing something obvious ?

Labels:
0 Kudos
5 Replies 5
Brash
Kind of a big deal
Kind of a big deal
‎Dec 5 2023 12:17 PM
‎Dec 5 2023 12:17 PM

That's a bit of a silly but really annoying issue.

 

Depending on how it's architected, I imagine it can't be that hard to force a retry once the switch connects to the dashboard.

0 Kudos
In response to Brash
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 5 2023 12:23 PM
‎Dec 5 2023 12:23 PM

I agree.. even hourly wouldn't even be as bad as right now

0 Kudos
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Dec 5 2023 1:10 PM
‎Dec 5 2023 1:10 PM

It makes no mention of how long between each attempt either, if its back to back you have 15 seconds......

 

A user variable parameter would be nice failing that a reasonable time to retry i.e every 15 mins as a fail safe would be nice. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Bucket
Getting noticed
‎Dec 6 2023 6:29 AM
‎Dec 6 2023 6:29 AM

Yeah as is you will need to cycle the ports once the sites comes back online... It's really not ideal. There is also a risk that you don't notice before the users as the AP will be online and connected to the management network even thou the port isn't authenticated...

In response to Bucket
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 6 2023 6:32 AM
‎Dec 6 2023 6:32 AM

This is exactly the main part of the problem !

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.