Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki Cloud Authentication Times Out and Roaming Issues

SomeTechDude
Conversationalist
‎Oct 12 2022 7:12 PM
‎Oct 12 2022 7:12 PM

Meraki Cloud Authentication Times Out and Roaming Issues

Hello,

 

Hoping someone can help me with this.

 

We're a K12 environment. We recently moved from an Adtran bluesockets to Merakis.

 

We have a MX450 (firmware 17.10), fifteen MX-355-24x2 (firmware 14.33), and 94 MR-56s (firemware 28.7).

 

Since yesterday, one of our SSID with 802.1x Meraki Cloud Authentication for our staff had been working flawlessly. Then around 1pm PST, we started noticing devices unable to authenticate when they roam from one AP to another. The device will try to authenticate, drop, and reconnect again. Some eventually will connect after a few minutes. People who don't roam are fine and stays connected, some don't have any issues at all, and some will take 4 to 5 mins each time to connect back when they move to a different area. 

 

I restarted the MX, our switches, and also our APs. The issue still persists now. We didn't change anything on our end prior to this issue occurring. 

 

I called Meraki support and they said the Meraki Cloud Authentication or dashboard isn't responding and is unreachable, not sure why but it's a known issue(for a few months) and suggest I change the SSID to preshared to authenticate and that they will hopefully address the issue later on. What? But it was working fine before.

 

We're mainly a MacOSx and iOS environment. 

 

We have a preshared key wpa2 SSID and a Google Oauth SSID. Those SSID are working fine.

 

For the SSID with issues: We don't have L3 roaming on since the vlan are the same for staff. Mandatory DHCP is on.

 

These are typical errors we get from the connection logs-

 

Client made an 802.1X authentication request to the RADIUS server, but it did not respond.auth_mode='wpa2-802.1x' vlan_id='3' radius_proto='ipv6' radius_ip='fd0a:9b09:1f7:1:b1db:1d05:14f0:693a' reason='radius_timeout' radio='1' vap='2' channel='161' rssi='49'

 

My macbook pro connection rate is now at 60 and it connects after two or three minutes each time when I roam or sometimes I have to try and refresh the connection.

 

I read somewhere that changing the radius timeout can solve the issue but I don't think the Meraki Cloud Authentication allows this option.

 

What else can I try to troubleshoot this issue? Any help will be greatly appreciated. 

 

 

0 Kudos
Subscribe
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 12 2022 7:42 PM
‎Oct 12 2022 7:42 PM

Well, like meraki team support said, they have a issue with their Radius server. Is it possible to use a external Radius server (like NPS, freeradius, etc)?
Have you tried to performe a packet capture to see more details?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
SomeTechDude
Conversationalist
‎Oct 13 2022 7:23 AM
‎Oct 13 2022 7:23 AM

I did a ping test from our APs to the Meraki Cloud Authentication server last night and it was pinging.

 

We currently don't have NPS or freeradius, I'm currently spinning up a freeradius one.

 

Meraki did a packet capture last night and said everything looks good. There was a 14.33.1 update for our switches which I applied earlier in the morning at 2am. I also went ahead and did a reboot of the MX at 1am prior to the update. 

 

I suspect it was the MX that was still hungup on a suspended state and not communicating with the dashboard correctly because the issue was occurring consistently after the initial reboot a day and a half ago. It's just weird that there are no other detailed reporting done by the MX besides going by the timeline of the devices trying to authenticate. All the tools appeared to be working correctly so it was even difficult for the Meraki support to decipher what's going on. I guess that's the caveat of switching to a cloud based system with less controls. 

 

I also turned 802.1r on to Adaptive. 

 

My personal devices are connecting much quicker now this morning when I got in. Will need to do more testing and see. In the mean time also start a new radius server and move away from Meraki's.

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.