Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issue with AAA server auth req routing

Tribbio
New here
Wednesday
Wednesday

Issue with AAA server auth req routing

Hi everybody.

 

I have a problem with my radius server.

I have an SSID (on the site A), that use a VM with freeradius (on the site B).

Both sites are linked eachother with a VPN connection.

 

On my SSID configuration I put an public address 193.xxx.xxx.95 (which is the ip addres on the VM), in the field MyRadius.

The AAA process seems to work but every time someone try to connect on the site A, the radius server recieve auth request from the public IP of the site A.

 

Therefore, the connection pass through internet insted of VPN connection.

I've already configurated a VPN connection through public ip 193.xxx.xxx.3 (site B).

 

And other SSIDs are able to comunicate with other radius servers (on site B) through VPN, the only difference is that other SSIDs use radius servers configurated with local ip (172.xxx.xxx.xxx).

 

Can someone please tell me how to directing traffic through VPN using 193.xxx.xxx.95?

Thank you.

 

Labels:
0 Kudos
Subscribe
7 Replies 7
RaphaelL
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Hi ,

 

Why are you not using the LAN IP of the Radius server ? Is the routing between the 2 sites even working ?

0 Kudos
Subscribe
In response to RaphaelL
Tribbio
New here
Wednesday
Wednesday

Unfortunately the Radius is a VM with only an ethernet interface (configured with public ip). Is It necessary or there's another way to bypass this issue?

 

I mean, I think I could add another interface with a local ip address.

Do u think this will solve the problem?

0 Kudos
Subscribe
In response to Tribbio
RaphaelL
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

What a weird setup. 

 

You are sending / receiving RADIUS request over the Internet without encryption ( RadSec ) ? 

0 Kudos
Subscribe
In response to RaphaelL
Tribbio
New here
yesterday
yesterday

Yep I know ahahha.

I'm talking abt freeradius, for eduroam service.

 

If u know this service.

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

You have to use your radius private IP instead of the public IP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Tribbio
New here
Wednesday
Wednesday

Unfortunately the Radius is a VM with only an ethernet interface (configured with public ip). Is It necessary or there's another way to bypass this issue?

 

I mean, I think I could add another interface with a local ip address.

Do u think this will solve the problem?

0 Kudos
Subscribe
In response to Tribbio
alemabrahao
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

I highly advise you to do this instead of leaving your server exposed to the internet.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.