I have two MR33 access points that are hard wired and one MR18 access point that is setup in Mesh mode. There are two SSIDs, One uses RADIUS authentication, and the other uses the Meraki Guest network.
This setup has been working flawlessly for over a year. But in the last two weeks, clients can connect to the Guest network, but not the one using RADIUS. If I go to the Meraki website and check RADIUS connectivity, all three Access Points pass the test.
The clients on the RADIUS network will either get in a continuous 802.11 association and 802.11 disassociation loop, or when they can associate, they cannot get out to the internet.
I have factory reset the MR18, but that did not make any difference. All access points are running 25.13 which was applied last October.
If I drag a network cable to the access point and temporarily wire it, RADIUS clients have no problem connecting or accessing the internet.
Any insights to what might be going on, or what other steps I could take to debug or fix this, would be welcome.
Following on from what Phil said has anything changed on the Radius server i.e. windows updates?
Thanks for response. The RADIUS Server managed by JumpCloud, a cloud based replacement for Active Directory.
Clients have no issues connecting to the RADIUS network from either of the wired MR33. As I said before, all 3 AP test fine from the Meraki Web page. It is just the Meshed MR18 that is the problem child.
I can't see the RADIUS logs, as the RADIUS is managed by JumpCloud. As I mentioned, RADIUS clients can connect to the wired MR33s, but not the Meshed MR18.
@PhilipDAth The last firmware change was last October, but I did change the Client IP assignment from Layer 3 Roaming to Bridge Mode recently.
I just did some more testing. If the RADIUS network is in Layer 3 Roaming, Clients can connect successfully to the Meshed MR18. If I change the Client IP Assignment to Bridge Mode, clients cannot successfully connect.
I had been prototyping a network layout where there is no "Trusted Lan" (See Google's BeyondCorp). I enabled port isolation on my switches, and then Layer 2 Isolation on the RADIUS lan. So the Layer 2 isolation is breaking the ability of a client on a Meshed Access Point to connect to the internet.