Tracking down devices that are failing Radius authentication

SOLVED
Rexter
New here

I have been trying to track down a few devices that have an employee's old password in the wifi settings, and the employee accounts keep getting locked out due to the devices constantly trying to connect with the bad user info. Which event in the Meraki Event logs specifies a failed authentication due to a bad password?

1 ACCEPTED SOLUTION
DashboardDunce
Meraki Employee

@Rexter !

A lot of options here!

Personally, I would check with your system's admin to see what computers they've logged into in the last few months and grab the computer name/hostname. That might be easiest to search on the dashboard as that name will be the default name for the laptop. (Search clients with Network-Wide --> Clients --> Search)

DashboardDunce_2-1634143782196.png

You could always search Event Logs for all the RADIUS events... but what might be more targeted is to jump into Wireless --> Health.

There you'll be able to click on authentication to sort all the clients of those who are FAILING to auth: (In yellow)

DashboardDunce_0-1634143480827.png

Once there, you'll notice it jumped you to the Connection Log tab on the top and filtering by Failure Step --> Authentication. From here, you could filter out specific SSIDs that would give you a more focused view on what devices are failing to auth and hopefully can correlate the hostnames you've gotten from your system's admin!

See below what that page looks like within Health:

DashboardDunce_1-1634143670339.png

Let me know how it goes!

There it is! I was not aware of the Wireless Health. Perfect, thanks!
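
The correlation described in the accepted solution (keep only authentication-step failures, optionally narrow to one SSID, then match the failing clients against the hostnames from the system admin) can also be scripted over exported connection-failure records. This is an added example, not code from the thread or from Meraki; the record field names (`clientMac`, `ssidNumber`, `failureStep`, `ts`), the MAC addresses and the hostnames are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

def _ev(mac, ssid, step, minute):
    # Builds one constructed failure record; field names are assumptions.
    return {"clientMac": mac, "ssidNumber": ssid, "failureStep": step,
            "ts": f"2021-10-13T09:{minute:02d}:00Z"}

# Constructed sample data, not real log output.
FAILED = (
    [_ev("aa:bb:cc:00:00:01", 1, "auth", m) for m in range(0, 20, 5)]    # steady retries
    + [_ev("aa:bb:cc:00:00:02", 1, "auth", 7)]                           # one-off typo
    + [_ev("aa:bb:cc:00:00:03", 1, "dhcp", m) for m in (1, 2, 3)]        # not an auth issue
    + [_ev("aa:bb:cc:00:00:04", 1, "auth", m) for m in range(10, 15)]    # unnamed device
)
CLIENTS = {"aa:bb:cc:00:00:01": "JSMITH-LT01",      # MAC -> hostname from the client list
           "aa:bb:cc:00:00:02": "RECEPTION-PC"}
KNOWN_HOSTS = {"JSMITH-LT01"}                       # hostnames supplied by the system admin

def repeat_auth_failures(events, clients, known_hosts, ssid=None, min_failures=3):
    """Return clients that repeatedly fail at the authentication step.

    A device holding a stale password retries constantly, so a minimum
    failure count separates it from a user who mistyped once.
    """
    by_mac = defaultdict(list)
    for e in events:
        if e["failureStep"] != "auth":
            continue                                # ignore assoc/dhcp/dns failures
        if ssid is not None and e["ssidNumber"] != ssid:
            continue                                # optional SSID filter
        stamp = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        by_mac[e["clientMac"].lower()].append(stamp)
    rows = []
    for mac, stamps in by_mac.items():
        if len(stamps) < min_failures:
            continue
        host = clients.get(mac, "unknown")
        rows.append({"mac": mac, "hostname": host, "failures": len(stamps),
                     "first": min(stamps), "last": max(stamps),
                     "known_host": host.upper() in known_hosts})
    # Devices matching the admin's hostname list first, then by failure count.
    rows.sort(key=lambda r: (not r["known_host"], -r["failures"]))
    return rows

if __name__ == "__main__":
    for r in repeat_auth_failures(FAILED, CLIENTS, KNOWN_HOSTS, ssid=1):
        print(r["mac"], r["hostname"], r["failures"], r["first"], r["last"])
```

Clients that fail repeatedly but come back as `unknown` are the ones worth chasing by MAC address, since they have no hostname to match against the admin's list.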
