I have set up Configuring RADIUS Authentication with WPA2-Enterprise. My AP management IP for MR55-1-Downstairs-AP is configured. USER VLAN ID for this which set up in attribute is 129 - the user who connects to this AP should get an IP that is not management IP of AP but VLAN ID 129 IP.
When I test radius server from the radius servers part of the dashboard, my test is successful. However, when I connect to the wireless SSID - I am connected but it say no internet and I get 169.254.xxxx.xxx. IP address.
What am I doing wrong?
Completed testing to "IP address of Radius server" for corporate\username"
All access points successfully contacted the RADIUS server.
RADIUS attributes used:
RADIUS attributes unused:
What is missing?
I used this link to configure https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...
End goal is to implement 17 MR55 devices into my environment.1st Floor devices will use VLAN user ID xxx and 2nd Floor devices will use VLAN user ID xxx. They are both different VLAN IDS for each floor.
the auth is succesfull?
try capture on ap and client to see if the client sending a bootp discover . also check the switch trunk port to verify what vlan the dhcp request is send
1) Pcap on wired interface of the AP ' shows that Radius server sends a Access-Accept after which the client sends DHCP Discovers but we are not receiving any DHCP offers from the upstream.
What are the next steps
on my 4510 - ip dhcp pool RESERVATION-(name of AP)
host (IP OF AP)
client-identifier (MAC OF AP)
client-name RESERVATION-(name of AP)
on my 3560 for the port that my AP is directly plugged into from wall to PP to 3560 port Config
description (name of AP)
switchport trunk encapsulation dot1q
switchport trunk native vlan (AP management IP)
switchport trunk allowed vlan (AP management IP VLAN and AP User IP VLAN)
switchport mode trunk
check is the dhcp server is receiving the discover. if not, your vlan is not l2 from ap to the dhcp server or your forwarder is failing.
You should also be able to check the client auth status too. It's shown on the client details page which you can reach by finding the client in Network-wdie > Clients and clicking on them. That should at least tell you if the client is authenticated, and if they have the correct VLAN assigned.
our DHCP is coming directly from our Cisco 4510. Everything is configured correctly - I am trying to see if it is possible with Meraki and Radius to configure two vlans. Management vlan id of AP and vlan id of clients connecting to IP
for example lets say my AP IP is vlan 130 10.40.130.100 and my clients connecting to it will get vlan id 131 10.40.131.12
I want to be able to accomplish this on my radius - Meraki using radius authentication
my client is authenticating to the radius I am just not getting an IP. it connects and says no internet my IP address is a 169 instead of a 10.40.131.12 IP (these are ex and not actual ip addresses) It states it is VLAN 131 I am seeing this information via the clients tab of my dashboard