Meraki

Community

802.1X RADIUS failed

MAKA
New here
‎Nov 14 2023 8:28 AM
‎Nov 14 2023 8:28 AM

802.1X RADIUS failed

My users are getting intermittent 802.1X RADIUS failed errors every so often throughout the day.

disconnect last 1-2 secs enough to drop a call or lose internet connection..

anyone experience these types of issues?

 

0 Kudos
7 Replies 7
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 14 2023 8:34 AM
‎Nov 14 2023 8:34 AM

Hi ,


We are missing a lot of info here.

 

What version are you running ?

What firmware version are you running ?

What AP models ?

SSID Configurations ?

802.11r enabled ?

Any logs from Wireless health ?

In response to RaphaelL
MAKA
New here
‎Nov 14 2023 10:13 AM
‎Nov 14 2023 10:13 AM

What version are you running ?  MR 29.4.1

What firmware version are you running ?

What AP models ? MR 44 

SSID Configurations ? 802.1X with radius

802.11r enabled ?

Any logs from Wireless health ?  

Client xxxxxxx had a failed connection to SSID XXXX during authentication because the auth server rejected the auth request.
802.11 REASON (CODE 23)
802.1X RADIUS failed

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 14 2023 9:57 AM
‎Nov 14 2023 9:57 AM

A RADIUS failure is usually related to ether the RADIUS server or the device.

 

What does the RADIUS server log say?  Did it see the request?  Did it decline the request, and if so, what reason did it give?

What does the client event log say?

In response to PhilipDAth
MAKA
New here
‎Nov 14 2023 10:25 AM
‎Nov 14 2023 10:25 AM

Event 5400 Authentication failed
Failure Reason 15039 Rejected per authorization profile
Resolution Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause Selected Authorization Profile contains ACCESS_REJECT attribute

 

even tho we get the message above, user reconnects within seconds - issue is that the disconnect happens frequent throughout the day 

 

we are looking at increasing timeout setting to 5 secs from 1 sec.

0 Kudos
In response to MAKA
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 14 2023 11:22 AM
‎Nov 14 2023 11:22 AM

I wouldn't worry about the timeouts while your RADIUS server is saying it is refusing the connection.  What about your authorization profile is causing it to reject the connection?

 

What is your RADIUS server?  Cisco ISE?  Something else?

0 Kudos
In response to PhilipDAth
MAKA
New here
‎Nov 14 2023 11:40 AM
‎Nov 14 2023 11:40 AM

We use Cisco ISE, as for the auth profile we only have one for all our internal users.

 

The weird thing is that the user actually is able to connect but randomly gets disconnected a few times throughout the day. The disconnect is 2-3 secs  

 

 

0 Kudos
In response to MAKA
Iherrera
New here
a month ago
a month ago

Hola, 

 

Logró resolver este problema? De ser así, Como lo soluciono? 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.