RADIUS accounting issue - Meraki only sending Start packets, not Interim/Stop

jamesw
Getting noticed

RADIUS accounting issue - Meraki only sending Start packets, not Interim/Stop

Since 12/13 April we've seen an issue across our customer estate (both In Europe and Americas) where the Meraki Cloud RADIUS client has stopped sending us Accounting Interim and Stop packets. We do get the Start packet, however. This is for captive portal authentications (not WPA2-Enterprise)

 

This causes a problem because the Interim and Stop packets are needed to read the attributes that include how long the session length was, and how much download/upload usage for the session etc.

 

The Start packet looks like:

 

        User-Name = "abc123"
        NAS-IP-Address = 209.206.50.44
        NAS-Port = 0
        Service-Type = Login-User
        Framed-IP-Address = 10.3.8.112
        Called-Station-Id = "E4-55-A8-AA-BB-CC:ssid"
        Calling-Station-Id = "A6-96-DA-AA-BB-CC"
        NAS-Identifier = "Meraki Cloud Controller RADIUS client"
        NAS-Port-Type = Wireless-802.11
        Acct-Status-Type = Start
        Acct-Delay-Time = 0
        Acct-Session-Id = "825284631727869728"
        Event-Timestamp = "May 19 2023 20:33:37 UTC"
        NAS-Port-Id = "Wireless-802.11"
        Meraki-Device-Name = "AP-Name-Here"
        Authenticator-Field = 0x8c8d2982acee4ebbc1bd4c877dab3776

 

Normally, once the Start packet occurs, Interim updates are sent every five minutes until such a time when the session ends, then a Stop packet is sent. We're not receiving these packets at all, across hundreds of different customers. We're performed a raw packet capture on our RADIUS server(s) and the packet doesn't even reach us, so the Meraki Cloud is not sending them.

 

Anyone else seeing this behaviour?

 

Thanks,

 

James

2 Replies 2
BlakeRichardson
Kind of a big deal
Kind of a big deal

Have you opened a support ticket, given you are using cloud radius which I am assuming you mean Radius proxy you would need support involved to make sure the proxy is sending that information. 

Yeah, got a ticket open but their support not yet finding anything, even though it has to be 100% the Meraki RADIUS cloud as it is that which sends the RADIUS packets out (not the AP or from customer premise)

 

It's not the specific RADIUS proxy option, but when you enable splash page with RADIUS authentication, all RADIUS traffic comes from the Meraki cloud

Get notified when there are additional replies to this discussion.