Meraki

Randomizate

Good morning,
I have an SSID with:
- Open security
- Authentication with Splash Page and Sign-on with Radius (Azure)
- External DHCP server for clients
- Valid accounts are assigned for 30 days

I notice that with Windows and Android devices, the accounts work correctly, but with Apple devices, every time the device loses connection, it asks for a new authentication through the Splash Page even though the log indicates that users have been assigned 2,592,000 seconds (30 days).
Is there any solution so that Apple devices do not request new authentications?

Randomizate

Sharing that I have already found the problem with the re-authentications of devices.
It is important to highlight that these re-authentications occurred on Windows, Android, and Apple devices, but they were more clearly and recurrently presented on Apple devices.

The solution lies in the "Data-Carrier Detect" parameter in the RADIUS section of the SSID.
This parameter is disabled by default, thus it does not force a new authentication every time the device loses connectivity with the SSID.

Thanks to everyone for the suggestions!

View solution in original post

cmr

Do the Apple devices have MAC randomisation on? If they do then this needs to be set to retain a particular MAC for the SSID, or turned off completely. Otherwise the network sees the device as a new one each time.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Kevin_Monsta

change the mac address to 'Use Mac Device'

alemabrahao

This is what @Kevin_Monsta is talking about.

https://dhcp.msu.edu/help/randommac.html

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Randomizate

Thanks for the suggestions, I’m going to try them on some devices and I’ll share the results.

Randomizate

Hello,
I have been conducting various tests without success. We have changed on the Apple devices to always use the same MAC address, or MAC addresses in "off" mode, and the response is the same: Every time an Apple device disconnects from the network and reconnects, it requires authentication.

I am going to try to create a sponsored SSID to rule out RADIUS Authentication and report the results.

Randomizate

Sharing that I have already found the problem with the re-authentications of devices.
It is important to highlight that these re-authentications occurred on Windows, Android, and Apple devices, but they were more clearly and recurrently presented on Apple devices.

The solution lies in the "Data-Carrier Detect" parameter in the RADIUS section of the SSID.
This parameter is disabled by default, thus it does not force a new authentication every time the device loses connectivity with the SSID.

Thanks to everyone for the suggestions!

alemabrahao

I just checked here and the parameter is enabled by default; you probably disabled it at some point.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Randomizate

Right, by default it is set to Enable and I have changed it to Disable so that it does not ask me for new authentications for users who are already authenticated.

Meraki

Community

Apple users lose authentication

Apple users lose authentication