Radius Connection Issue

Claire_S
New here

Radius Connection Issue

Hi

 

We've been running on Radius wifi through an NPS for a while without issue, last Thursday the NPS server was rebooted and since then we've been unable to connect via Radius

 

All of the necessary certificates are still in place, shared secrets are the same and have been re-confirmed, and testing the radius connection from the SSID on meraki fails for all 3 AP's.

 

The NPS server pings from all AP's on the meraki dashboard, the server itself looks fine and there have been no changes to it apart from the reboot. We have tried subsequent reboots but no change.

 

There are no logs whatsoever on the NPS to show any connection attempts being made since the reboot, which sounds like the connection attempts are not reaching the server at all as it should be logging both failed and successful connections.

 

Has anyone seen this before?

 

Thx

4 REPLIES 4
KarstenI
Kind of a big deal

Not seen this before. But I would start the following way:

  • Capture the RADIUS-traffic on the port to the NPS. There you see if the traffic reaches the NPS and if the server answers.
  • If there is only the RADIUS ACCESS-REQUEST and no ACCESS-CHALLENGE coming back, then the NPS refuses to talk to the AP.
  • If there is an ACCESS-CHAlLENGE coming back, look into the *next* ACCESS-REQUEST. The reason could be quite clear in the packet if the client refuses to talk to the NPS.
  • If the NPS directly  returns an ACCESS-REJECT, then it is matching a policy that denies access.

Thanks Karstenl

 

The capture shows one original "Access-Request" plus 2 more "Duplicate Request" entries no doubt due to it re-trying the connection, but there's no follow up Access-Challenge.

 

Thanks, I'll see if I can find out why it's not talking to the AP's

PhilipDAth
Kind of a big deal

The #1 most common cause of this is the certificate has expired on the NPS server.

BlakeRichardson
Kind of a big deal

Windows update installed any updates at the same time it rebooted?

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.