COA destination IP

Alexs20
Getting noticed

Hi,

Assuming that I have one AP connected to Meraki cloud, with "MAC-based access control (no encryption)" security mode enabled.

I also have "RADIUS CoA support" option enabled.

What is the destination IP for CoA messages? Is it the same as the Meraki console FQDN?

Thanks

PhilipDAth
Kind of a big deal

I don't know the answer - but surely it would be the source of the original RADIUS request - the AP itself.

Alexs20
Getting noticed

That means that I cannot use an external RADIUS server (meaning one hosted on the internet), as the AP sits behind the firewall.

Hmmm, ok, thanks.

Brash
Kind of a big deal

Similar to @PhilipDAth, I also don't know the answer but I think you're right.
CoA would require the RADIUS server sending a request to the AP which isn't really possible without an inbound NAT or proxy.

I initially thought you could look at using the Meraki RADIUS proxy but it doesn't support CoA.

Alexs20
Getting noticed

Looks like I need a little more help.


So, I am trying to talk to the AP using the radclient utility.

My command is:

echo '
Calling-Station-Id = "<MAC redacted>"
NAS-IP-Address = 192.168.2.224
Filter-Id = "PASS"
Event-Timestamp = "1692895863"
cisco-avpair="subscriber:command=reauthenticate"
cisco-avpair="subscriber:reauthenticate-type=rerun"
' | radclient -x 192.168.2.224:3799 coa <secret redacted>

 

 

But there is nothing coming back.

192.168.2.224 is the IP of my AP, and this is what I see in the Access-Request message when connecting to the SSID.

 

Any ideas?

Thanks

 

Alexs20
Getting noticed

Oh, NM, I found the problem. I had to add my PC IP to the list of RADIUS servers.
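
Added example, not part of the original thread and not Meraki's code: a Python model of the two checks a CoA receiver applies to an incoming request, the sender's address against its configured RADIUS servers and the RFC 5176 Request Authenticator, showing why a sender that is not listed sees no reply. `nas_handle`, the sender addresses, the MAC and the shared secret are assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

COA_REQUEST, COA_ACK = 43, 44            # RFC 5176 packet codes

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def cisco_avpair(text):
    """Vendor-Specific (26), vendor 9 (Cisco), vendor type 1 (cisco-avpair)."""
    data = text.encode()
    return attr(26, struct.pack("!IBB", 9, 1, len(data) + 2) + data)

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_coa_request(ident, attrs, secret):
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(COA_REQUEST, ident, attrs, secret) + attrs

def nas_handle(packet, src_ip, servers):
    """Hypothetical NAS check: reply code, or None for a silent drop."""
    secret = servers.get(src_ip)
    if secret is None or len(packet) < 20:
        return None                      # unknown sender: nothing comes back
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return None
    expected = request_authenticator(code, ident, packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                      # wrong shared secret or altered packet
    return COA_ACK

# Constructed sample values; the AP address, timestamp and AVPair are from the thread.
SECRET = b"example-shared-secret"
ATTRS = (attr(31, b"00-00-5E-00-53-01")                            # Calling-Station-Id
         + attr(4, ipaddress.ip_address("192.168.2.224").packed)   # NAS-IP-Address
         + attr(55, struct.pack("!I", 1692895863))                 # Event-Timestamp
         + cisco_avpair("subscriber:command=reauthenticate"))
PACKET = build_coa_request(1, ATTRS, SECRET)

if __name__ == "__main__":
    servers = {"192.168.2.5": SECRET}                    # RADIUS server only
    print(nas_handle(PACKET, "192.168.2.10", servers))   # PC not listed: dropped
    servers["192.168.2.10"] = SECRET                     # PC added as a RADIUS server
    print(nas_handle(PACKET, "192.168.2.10", servers))   # now acknowledged
```

Both checks fail silently, so a missing reply on UDP 3799 does not distinguish a sender that is not listed from a wrong shared secret; the receiver's configured server list and secret are the first things to compare.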
