Meraki Community

I have 30.7 in production and a test lab on 31.1.2 no issues with radius, I am using Cisco ISE as radius.

can you share more information like, if you are seeing logs on radius and share the logs to understand why radius authentication is failing.

Hi jpeterprarch,

There is an issue in the 30.7 firmware, under very specific configurations, whereby client balancing rejects clients. This may be what you were seeing when you upgraded.

If you have not already, I would recommend raising a case with Meraki support so they can assist with troubleshooting this issue to help determine whether you were indeed affected by this.
Details on how to raise a case through dashboard or to call the support line can be found within the 'Get help & cases' page which is accessible in the ? icon menu in dashboard.

30.7 broke Radius for my org as well

Hi ,

Adding to this as well, we have upgraded to 30.7 and have seen two networks with the same issue, generic Association errors with SSIDs with Radius Auth. Running Windows NPS. Will Raise a support ticket to investigate. 

@skunkytoots and @Brad39 do you both have client balancing enabled on the affected networks ?  I've scheduled 30.7 upgrades for next week and we run NPS Radius but we don't use client balancing

Thanks

We had the exact same issue. The only solution was to rollback.

I've decided to postpone my planned rollout of 30.7.  Although we don't use client balancing, @Brad39 stating that turning off client balancing didn't solve the issue is enough for me to be nervous about this, despite me running 30.7 in a small live environment (2 x MR44's) for the past week without issues with radius auth (my normal live test firmware update environment)

It’s a strange one, in the end this looks to have only affected 2 out of around 30 networks in our org, all very similarly configured. We are just going to hold off on 30.7 for those two and possibly jump to the next release.

I have got also issues with Cisco ISE 3.2 Errors occured since ugrading ISE from 2.7 to 3.2 and Meraki MR30.6 to MR30.7

Had this exact issue going from 29.X to 30.7.  Any SSID using radius was broken.  We backend with ISE.  Rolled back to fix for now.

Similar experience here after seven networks with MR42 (and some MR86) APs upgraded from MR 29.5.1 to MR 30.7 overnight.

We have various SSIDs configured across the seven networks in question.

We experienced at least two networks where an SSID configured for Identity PSK with RADIUS did not permit clients to move past the association step.

Event logs showed clients attempting to associate but never moving to the wpa_auth step. After not too long, associations from clients on the SSID in question were failing with reason code 17.

Finding this thread (and another thread on Reddit), we disabled client balancing and the symptoms subsided.

The remaining networks that have an SSID configured for Identity PSK with RADIUS do not currently have active clients that would be attempting to use that SSID, so we don't yet know if they're affected.

Like others, we've opened a case with Meraki support to report the issue and seek more details.

Being reported on Reddit

https://www.reddit.com/r/meraki/comments/1e35rty/mr_307_causes_association_error_17/

I'm gonna hold of upgrading until confirmed fixed in future release

 this seems specific to the AP model , we have MR57 and 30.7 with no issues . However other offices with mr33 do have issues. Meraki have not been very forthcoming with support