I did. There's no documentation that says any options related to failover are found or configured in that section, so I wouldn't know what to change there. Which is why I'm asking here. 

When adding both servers, you lose communication with the first server and then try to authenticate on the next server.

The second server is probably missing some configuration.

Have you checked the server logs to validate whether the authentication attempt is occurring?

The fallback behavior depends on the order the servers are listed on the dashboard will dictate the priority of each one, For example:

Server 1 = priority 1

Server 2 = priority 2

Server 3 = priority 3

Where the available server with higher priority will be used (priority 1 is the highest). If Server 1 were to become unreachable, Server 2 would become active, and so on.

If the fallback option is enabled, once the server with higher priority recovers, the AP will switch back to using that preferred (higher priority) server.

It's pretty straight-forward that's how it should work. I read the documentation. It just doesn't work that way which is why I'm here. 

Like I said, I have two working radius servers. If I put either in the #1 slot, I can connect and authenticate just fine. If I stop the service on #1(to simulate an outage), #2 does NOT take over regardless of which radius server it is. The connection on the client device fails(can't connect to SSID)

"the fallback option"

This option is NOT in my options on the Access Control page. It's in the documentation, but I don't see it anywhere including advanced Radius options. 

Have you checked if any requests are arriving in the server logs? Did you do a packet capture?

The problem appears to be on the server.

https://documentation.meraki.com/MR/Access_Control/MR_Meraki_RADIUS_2.0

Ok, so, I contacted Meraki about it. (a previous attempt with them failed to ascertain the issue) The problem is not on our radius servers as confirmed by them. The problem is if you're using Radius and not using the splash page option, the 3-server order in options is irrelevant. Radius failover functionality in this configuration simply doesn't work. I'm putting in an official request for them to add failover support. 

The whole reason I'm exploring the radius server route is to escape the splash page, because the splash page won't always trigger for apple devices, which comprise the majority of our clients. That was the subject of a case with Meraki with many packet captures. The conclusion there by Meraki is that apple doesn't want to share certain information that would aid Cisco in creating a splash page that always triggers for these devices. 

The Advanced Settings section requires all APs support and be running MR28+ firmware.

https://documentation.meraki.com/MR/Access_Control/MR_Meraki_RADIUS_2.0#Advanced_Settings

To view the max runnable firmware for AP models check this page https://documentation.meraki.com/General_Administration/Firmware_Upgrades/Product_Firmware_Version_R...

I found your Support case and see the network linked has older APs some which don't support anything newer than MR26 firmware.

Interesting, but the Meraki support person I just talked to on the phone said it was the fact that I wasn't running Radius for splash page--that failover only worked in that radius configuration. Not sure who to believe now. 

RADIUS for splash is something different. It's when you want a splash page and want it to auth users via RADIUS.

Standard RADIUS doesn't use splash. The order of the RADIUS servers is tried from the top down. The advanced fallback feature allows for the APs to rollback to the higher priority servers when they're reachable. Even without that feature the list is tried top down.

To validate this as a test I configured bogus RADIUS IPs for my #1 and # 2 servers in the list. My clients still auth successfully because the AP tries the first two and fail as expected and it succeeds on server #3. I also tested in an alternate way by having valid RADIUS IPs, but blocking the first and second via a firewall rule.

If the list of multiple servers didn't function a list would be pointless to have in the first place. My recommendation is circle back with Support as it sounds like maybe there's a misunderstanding here.

Here's a snippet from the firewall log showing what occurs when my clients auth. They first try the bogus RADIUS server I have listed as #1 (1.1.1.1). That of course fails and it moves on to the #2 RADIUS server IP which is valid (JumpCloud) and my clients successfully connect. This not relying on RADIUS fallback. This is simply the default behavior of trying alternate RADIUS servers when the first one fails.

I've started a case with three different people in Meraki support, and every time we were unable to make it work. The most recent call, they said it's because Radius for splash supports failover and standard radius does not. He did a packet capture and found that the packets were not even hitting radius server in slot #2, but still hitting #1 only, even though #1 was down.

"If the list of multiple servers didn't function a list would be pointless to have in the first place"

Oh, I wholeheartedly agree. And yet it's there in the non-splash radius setup. 

PCAP from my AP. It shows it first tries the bogus RADIUS server IP I have configured 1.1.1.1. When that fails it rolls to the second server which succeeds.

I would reengage with Support to see why it's not working in your environment.

Support told me why it's not working in my environment--that this will not work with non-splash radius--that in this configuration it doesn't matter what's in slot #2 if slot #1 is down. It just keeps sending packets to the first one and doesn't try the second. I had one of them tell me to submit a feature request. 

You were told wrong.

I'll start one more case, mention that you think it's possible, and I'll report back my findings. 

The second and third RADIUS IPs do work. My PCAP and other info in this thread validate that fact.

None of the 4 other engineers I contacted in support said it could work unless I either do non-splash radius or I get the failover option by getting new firmware. I'm taking their words over yours, because they have actually done packet captures on my network, tested things with me, and you have not. 

It's actually just an MR32. We have a lot of MR32's with locked firmware on this network(and we don't have the budget to upgrade at the moment), so we're not going to be seeing those newer options for the time being. I think I'm just going to set up a radius proxy server, have Meraki point to that, and do the failover/load-balancing functionality on our side.