Not connecting using Enterprise with "My RADIUS server"

rhamersley
Getting noticed


I have 802.1X configured with all my Meraki network switches and it works fine. I just changed my Meraki APs from Pre-Shared Key (PSK) configuration to Enterprise with "My RADIUS server" and it will not connect.

 

rhbirkelund
Kind of a big deal

Have you configured your RADIUS server on the SSID, other than just selecting Enterprise with Radius as authentication method?

rhamersley
Getting noticed

Yes, and the Access Points show green also. If it was not configured correctly I would see a problem with the APs.

 


 

GIdenJoe
Kind of a big deal

Make sure ALL your APs have been added as RADIUS clients on your RADIUS server and that their pre-shared key is correct.

Then you should be looking at your RADIUS logs to see what is going on.

You can also capture traffic leaving the AP on the wired port and filter on port 1812 to see the conversation between the AP and the RADIUS server. You get a treasure trove of information, like the AV pairs exchanged.

 

Also, you may not be matching the incoming session in your policy list. Wireless has a different NAS-Port-Type than a switch.

So appreciative of the response back, GIdenJoe! I do have the RADIUS clients configured on the RADIUS server and the Pre-Shared Key in each location.

 

Unfortunately I am not familiar with how to capture traffic on a wired port on the network switch. If you have instructions or a link I can review, that would be great so I can try to capture this data.

GIdenJoe
Kind of a big deal

In dashboard you can go to Network-wide -> Packet capture.
Then select for Access Points.

Then tag the correct access point.

Then below that you have the option to download the packet capture or view it on screen (download gives the option to view it in Wireshark, which is better), and a text box for CAPTURE filters (not display filters).

 

In that box just put the filter: port 1812 and start capturing right before a client connects to the AP on the radius SSID and see the exchange of messages between AP and Radius server.
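Added example, not part of the thread: a small RADIUS decoder that lists the attribute-value pairs in one captured packet, including the NAS-Port-Type the server policy has to match (15 Ethernet for switches, 19 Wireless-802.11 for APs, per RFC 2865). It assumes you have the raw UDP payload bytes of a packet from the port 1812 capture; the sample request, user name, address and SSID below are constructed.

```python
import socket
import struct

# Codes and attribute numbers from RFC 2865 / RFC 3579; only a subset is named.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 30: "Called-Station-Id",
         31: "Calling-Station-Id", 61: "NAS-Port-Type", 79: "EAP-Message",
         80: "Message-Authenticator"}
NAS_PORT_TYPES = {15: "Ethernet", 19: "Wireless-802.11"}

def decode(atype, value):
    """Render an attribute value as text, an address, a port-type name, or hex."""
    if atype == 4 and len(value) == 4:
        return socket.inet_ntoa(value)
    if atype == 61 and len(value) == 4:
        number = struct.unpack("!I", value)[0]
        return NAS_PORT_TYPES.get(number, str(number))
    if atype in (1, 30, 31):
        return value.decode("utf-8", "replace")
    return value.hex()

def parse_radius(data):
    """Parse one RADIUS UDP payload into (code name, identifier, [(attr, value)])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("length field does not fit the payload")
    attrs, pos = [], 20  # a list, because attributes such as EAP-Message can repeat
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = data[pos], data[pos + 1]
        attrs.append((ATTRS.get(atype, "Attr-%d" % atype), decode(atype, data[pos + 2:pos + alen])))
        pos += alen
    return CODES.get(code, "Code-%d" % code), ident, attrs

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def sample_request():
    """Constructed Access-Request for illustration (not taken from a real capture)."""
    body = (attr(1, b"testuser") + attr(4, socket.inet_aton("192.0.2.10")) +
            attr(30, b"AA-BB-CC-DD-EE-FF:Corp-WiFi") + attr(61, struct.pack("!I", 19)))
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    code, ident, attrs = parse_radius(sample_request())
    print(code, ident)
    for name, value in attrs:
        print("  %-18s %s" % (name, value))
```

If the capture shows Access-Request packets leaving the AP but no reply, or an Access-Reject, compare the decoded NAS-IP-Address and NAS-Port-Type with the client list and policy conditions on the RADIUS server.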

Appreciate the assistance....Where is the file created after my packet capture...

 


 

I started and stopped it.

I guess the better question is how do I download this file to my Wireshark??

 


 

rhamersley
Getting noticed

I have all our network switches authenticating to our RADIUS server using 802.1X for our wired users in the office. So I would like to get off of the Pre-Shared Key (PSK) for authentication for our wireless environment. A Meraki support person was not able to assist me on why this was not connecting my workstation to the SSID.

Do you see any logs arriving on your RADIUS server? Have you tried a packet capture?

rdominguez
Meraki Employee

Hello @rhamersley As @alemabrahao indicated, getting a packet capture and checking logs on your Radius server are good starting points. The packet captures can provide details in terms of whether or not the traffic is reaching the Radius server as well as the responses sent out by the server, if any.

In addition to that, Meraki does have a guide for troubleshooting Radius issues. You can find it here: 
https://documentation.meraki.com/MR/Encryption_and_Authentication/RADIUS_Issue_Resolution_Guide
