Meraki

Community

Client IP address not sent to Radius on connect

Nandu
New here
‎Feb 7 2019 8:20 PM
‎Feb 7 2019 8:20 PM

Client IP address not sent to Radius on connect

Hi Team


We are doing Dot1X authentication with Meraki Wireless and ISE. When the client connects using dot1x the authentication success message is sent to ISE however the IP address which it received after authentication is not sent. Now we understand that probably during authentication IP address might have not been assigned so we have to rely on Interim update. 

 

The question is what is the size of packet for this interim update packet and does the interim update packet is being sent by AP for each clients which means number of clients multiplied is equal to number of interim updates.

 

Regards

 

0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 7 2019 9:35 PM
‎Feb 7 2019 9:35 PM

Correct - the IP addresss is not known at the point the client is being authenticated.

 

The RADIUS server sends back an ACCESS_ACCEPT message to the AP to say to let the client connect - and that is the end of the authentication process.  There is nothing to send back the clients IP address.

 

 

You could potentially enable RADIUS Accounting - and that might send you the extra info you are after.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

The documentation says only START and STOP messages are sent, which are at the beggining and end of every client session.  The packets would not be very big.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.