Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki hosted radius EAP failure

Solved
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jan 26 2022 12:06 AM
‎Jan 26 2022 12:06 AM

Meraki hosted radius EAP failure

Hi, could someone confirm that there possibly was a change in the security policy of Meraki radius on the AP's?

 

I have a customer that works with older scanners that use Meraki radius to join the SSID but started failing since yesterday.

 

An OTA was not possible but I could capture from the AP that the user was trying and thus I only have upstream packet capture.  This showed that the scanners associate but stop at the EAP client handshake.  I see modern cipher sets but only older TLS versions in use.  Could this be it?

 

GIdenJoe_0-1643184373447.png

 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
Nordinio
Conversationalist
‎Jan 26 2022 8:16 AM
‎Jan 26 2022 8:16 AM

We have the same issue with the Meraki Radius server and It's confirmed by the Meraki support desk that they have a global issue in their platform. They are working on a solllution with high priority.

View solution in original post

0 Kudos
Subscribe
6 Replies 6
Nordinio
Conversationalist
‎Jan 26 2022 8:16 AM
‎Jan 26 2022 8:16 AM

We have the same issue with the Meraki Radius server and It's confirmed by the Meraki support desk that they have a global issue in their platform. They are working on a solllution with high priority.

0 Kudos
Subscribe
In response to Nordinio
mbatwork
Conversationalist
‎Jan 28 2022 5:44 AM
‎Jan 28 2022 5:44 AM

@Nordinio , have you heard anything back? I have switched something over to wired for the time being, and am waiting on this forum post before attempting to put it back on wireless. Thanks!

0 Kudos
Subscribe
In response to mbatwork
Nordinio
Conversationalist
‎Jan 31 2022 11:42 AM
‎Jan 31 2022 11:42 AM

Issue was restored by Meraki on the 26th of January at around 20:45 H CET.

There was a proprietary issue on their backend which began causing issues for clients that were only capable of using TLS1.0 or 1.1. 

Clients capable of using TLS 1.2 continued working as expected.

Subscribe
In response to Nordinio
Rod_F
Conversationalist
‎Jan 31 2022 9:29 AM
‎Jan 31 2022 9:29 AM

Hi Nordinio, we experience an outage as of 1/25/22.  The several times I contacted Meraki they did not indicate an outage, although our SSID that authenticates against our NPS server stopped working since then.  Our PSK SSIDs were not affected.  I found the post below that finally solved our problem  Not sure where the MTU size was change, the provider or whatever.  On the post they had Meraki change the MTU size to lower than 1500.  I went our NPS server and changed our network policy (Settings tab) and under Standard added Frame-MTU and set it to 1344 and that resolved our problem.  I'll adjust that amount up later to see how high I will still work but it got this going again.  I hope this helps someone.  Thank you.   https://community.meraki.com/t5/Wireless-LAN/802-1X-EAP-failure-with-Windows-AD-Radius-Help/td-p/319...

0 Kudos
Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jan 26 2022 10:07 AM
‎Jan 26 2022 10:07 AM

I think Meraki really needs to add a global status page to the supprot section of their main website. Users shouldn't have to get in touch with support to find out there is an outage. 

 

Just about every other cloud based system I use has a system / service status page available to customers to check if they are having issues. 

btr.net.nz
Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jan 26 2022 12:01 PM
‎Jan 26 2022 12:01 PM

Ok thanks for sharing your experience @Nordinio .

 

The issue was not happening with windows based clients at that time so it's very specific to certain ways of TLS session building.

 

As a follow up question. 
I noticed that there was no traffic going towards the cloud from the AP while the client was attempting to authenticate.  Is it so that users are stored inside the AP's instead of AP's reaching out to the cloud every time a new auth comes in.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.