Changing Radius Timeout in Meraki APs for Radius Authentication

Madhan_kumar_G
Getting noticed

Changing Radius Timeout in Meraki APs for Radius Authentication

Hi,

 

Greetings.  We are testing wireless client Radius Auth to windows NPS coupled with MFA from Microsoft Authenticator.

 

In one of the Meraki docs, I did found that Radius timeout to be increased from default 10 seconds to 60 seconds for DUO MFA. So, I am assuming the same applies to any MFA.

 

Since my setup has only APs, I don't see a explicit setting where this can be changed. Is there a way to change the Radius timeout, using API scripts or the Meraki TAC help required to change it in the code. Pls suggest. Thanks.

7 Replies 7
Brash
Kind of a big deal
Kind of a big deal

You make the change in the Meraki dashboard under Wireless -> Access Control.

Select the SSID you want to make the change to and look for "Advanced RADIUS settings"

Brash_0-1673560172505.png

 

One other thing to be aware of is that the RADIUS server also has a timeout of how long to wait for the MFA response.

Azure MFA with NPS - 20 seconds timeout extension - Microsoft Q&A

Madhan_kumar_G
Getting noticed

Hi Brash,

 

Thanks for your immediate response. Let me change this Server time out field and check for any improvements. Will let you know.

Madhan_kumar_G
Getting noticed

Hi Brash,

 

The Server Timeout can be in the range of 1 to 10 only it seems. I am getting attached error on trying value 60.

Screenshot_20230113-033703~2.png

ww
Kind of a big deal
Kind of a big deal

The max radius timeout for wifi is 10 seconds. When using the new mr access control page you should be able to tune advanced radius settings.

https://documentation.meraki.com/MR/Access_Control/MR_Meraki_RADIUS_2.0#Server_Timeout_and_Retry_Cou...

 

Also read https://community.meraki.com/t5/Wireless-LAN/MFA-Azure-for-SSID-Access/m-p/136766

Madhan_kumar_G
Getting noticed

Hi WW,

 

Thanks for your response. Server timeout is allowing between the values 1 and 10 only.

Brash
Kind of a big deal
Kind of a big deal

Just to add to this, I'd probably steer clear of using MFA for wifi auth.
It can be a frustrating experience for users, and from what I've heard it can be a pain when roaming or at wifi signal boundaries.

RaphaelL
Kind of a big deal
Kind of a big deal

I have always wondered why they are soooooo different from Aironet.

Get notified when there are additional replies to this discussion.