MX fails to test radius

PatTheCat
Comes here often

MX fails to test radius

hi,

 

so I have a remote site, it's using meraki APs, specifically MX46.

 

I have 1 radius in HQ, we're using microsoft NPS and 1 radius in the remote site, so local to the MX46.

 

when from the dashboard I try to test the radius connection to the nps in the HQ, it will fail randomly some of them so over 14 ap, once 3 will fail then again 8 will fail then 6 will fail etc...

but when I do the same test with the nps that's local to the MX, 100% success rate.

 

ping time between the site and HQ is 70ms, no packet loss. configuration of the NPS is all good...

 

anyone else had this issue?

thanks.

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

I believe it is MR46 correct? It could be an MTU issue. Did you do a packet capture?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Are the APs registered as the correct Radius client?
 
Is the secret key correct?
 
Have you done any additional testing?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PatTheCat
Comes here often

all config is correct.

 

in the nps on the HQ side in the nps logs, I see success from the mr46 that can connect, it's as if the others that fail don't even hit the nps.

 

no packet capture so far as to not sure what I'm looking for.

 

my client is 10.0.0.0/8 so all aps are part of that client so I know that's good.

secret is good.

 

as I explained, once 4 mr46 will connect to HQ nps, next test, 10 will connect, next test 6 will connect... so doubt it's MTU.

 

but locally no issue, they will all 14 connect all the time when nps is on the local network of the remote site.

alemabrahao
Kind of a big deal
Kind of a big deal

I suggest you open a support case. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PatTheCat
Comes here often

yeah probably what we'll do. thanks.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels