Radius event log entries, but no radius server setup

kredmore
Getting noticed

Radius event log entries, but no radius server setup

Meraki support can't explain this (they are investigating), so thought I would ask here:

 

No radius server setup in dashboard, but event Log has many Radius server entries with iPhones, see screen shots. 

 

Any idea why the event log entries?

 

Screenshot 2018-07-24 at 12.06.47 PM.pngScreenshot 2018-07-24 at 12.07.25 PM.png

23 Replies 23
jdsilva
Kind of a big deal

What the the details of the message hidden in the "more" link?

 

I want to say that this iPhone is sending unsolicited RADIUS messages but those wouldn't be "response" messages I wouldn't think.

kredmore
Getting noticed

not much in the "more link, see below.

 

I can't find any information about iPhones sending RADIUS messages unless the wifi network is setup for it.

 

Screenshot 2018-07-24 at 12.23.47 PM.png

ww
Kind of a big deal
Kind of a big deal

only 1 phone? did you reboot this phone?

kredmore
Getting noticed

multiple devices show this, and yes have rebooted the devices, even reset the network settings.

Rudi
Getting noticed

Looks like one is generated every time the device roams - most likely related to 802.11r: Adaptive since you mention it seems to be only iPhones.
kredmore
Getting noticed

Agreed on the roaming and thought of that too, but I can’t find any information that 802.11r adaptive is related to RADUIS without RADIUS server configured with 892.11x.

PhilipDAth
Kind of a big deal
Kind of a big deal

Apart from WiFi, do you have any other Meraki kit (which could have a RADIUS configuration on them)?

kredmore
Getting noticed

Nothing else.  This is weird....

BlakeRichardson
Kind of a big deal
Kind of a big deal

Have you run a packet capture to find out where the the traffic is coming from?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Adam
Kind of a big deal

Do you need 802.11r or can you try disabling that?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
kredmore
Getting noticed


@Adam wrote:

Do you need 802.11r or can you try disabling that?


I have already tried disabling and the RADIUS messages stop.  But why?  802.11r is helpful to have enabled.

jdsilva
Kind of a big deal

802.11r is really only useful in a wireless VoIP deployment. The rest of the time... Meh. It doesn't really affect the user experience.

PhilipDAth
Kind of a big deal
Kind of a big deal

I disagree.  I much prefer using 802.11r, even for just notebook deployments.  The seamless roaming is - excellent.

jdsilva
Kind of a big deal

Oh c'mon. What are you doing on your laptop, while moving, that you can actually tell the difference?

BlakeRichardson
Kind of a big deal
Kind of a big deal

@jdsilva I am guessing you haven't worked in large campus environments were users with laptops roam around site.  Without 802.11r client devices are much more likely to hang onto an access port even though there might be one closer with much better signal and throughput. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
jdsilva
Kind of a big deal

Hi @BlakeRichardson. That's not a very nice thing to assume. Shame on you for your baseless accusations! 😉

I also think you're thinking about 802.11k, or perhaps 802.11v, not 802.11r. r has nothing at all to do with clients roaming decisions.

BlakeRichardson
Kind of a big deal
Kind of a big deal

@jdsilva  802.11R is related to wireless handover, I was suggesting that without it client devices make the decsion and often they hang onto accesspoints for longer than they should.

 

This is a common problem I have seen over the years. 802.11r is a feature to help reduce this.

 

 

In an education environment you need wireless handover to be as seamless as possible especially with a large campus.  Unless you haven't updated firmware sinc the Krack attack was discovered I see no reason why you wouldn't use this feature. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
jdsilva
Kind of a big deal

Clients always make the decision. 802.11r doesn't change that. 802.11r doesn't even influence that.

 

You're talking about 802.11k.

 

https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11k_and_802.11r_Overview#How_...

 

 

kredmore
Getting noticed

Curious if anyone else has RADIUS events with having a RADIUS server setup?

Rudi
Getting noticed


@kredmore wrote:

@Adam wrote:

Do you need 802.11r or can you try disabling that?


I have already tried disabling and the RADIUS messages stop.  But why?  802.11r is helpful to have enabled.


I'm not sure what you're after since you know the cause of the messages... Either it's something to do with how the Meraki implements the tagging of the 802.11r messages, or 802.11r really does use a RADIUS message.

kredmore
Getting noticed


@Rudi wrote:

@kredmore wrote:

@Adam wrote:

Do you need 802.11r or can you try disabling that?


I have already tried disabling and the RADIUS messages stop.  But why?  802.11r is helpful to have enabled.


I'm not sure what you're after since you know the cause of the messages... Either it's something to do with how the Meraki implements the tagging of the 802.11r messages, or 802.11r really does use a RADIUS message.


I'm trying to understand why the RADIUS even messages are showing, and showing failed auth messages in Wireless Health>Failed Connections.  Disabling 802.11r can make them stop, but from my research there is no connection between 802.11r and RADIUS servers.  Even Meraki support can't figure out why (yet). From what I can tell, the devices are spinning on failed auth attemps, delaying their wifi connections.  Sometimes it's very quick and not-noticeable, but other times it's minutes causing user frustration.  Hope that helps.

kredmore
Getting noticed

Looking a bit closer, I now have 802.11x auth fail messages for a chromebook, which should not be effected by 802.11r as adaptive.  

kredmore
Getting noticed

Yes, packet capture (monitor mode) has been done and sent to Meraki support about a week ago for investigation.  First line support sees the RADIUS related info, but doesn't know why.  Here's a link to it.

 

Packet Capture

Get notified when there are additional replies to this discussion.