Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RADIUS accounting issue - Meraki only sending Start packets, not Interim/Stop

jamesw
Getting noticed
‎May 19 2023 1:36 PM
‎May 19 2023 1:36 PM

RADIUS accounting issue - Meraki only sending Start packets, not Interim/Stop

Since 12/13 April we've seen an issue across our customer estate (both In Europe and Americas) where the Meraki Cloud RADIUS client has stopped sending us Accounting Interim and Stop packets. We do get the Start packet, however. This is for captive portal authentications (not WPA2-Enterprise)

 

This causes a problem because the Interim and Stop packets are needed to read the attributes that include how long the session length was, and how much download/upload usage for the session etc.

 

The Start packet looks like:

 

        User-Name = "abc123"
        NAS-IP-Address = 209.206.50.44
        NAS-Port = 0
        Service-Type = Login-User
        Framed-IP-Address = 10.3.8.112
        Called-Station-Id = "E4-55-A8-AA-BB-CC:ssid"
        Calling-Station-Id = "A6-96-DA-AA-BB-CC"
        NAS-Identifier = "Meraki Cloud Controller RADIUS client"
        NAS-Port-Type = Wireless-802.11
        Acct-Status-Type = Start
        Acct-Delay-Time = 0
        Acct-Session-Id = "825284631727869728"
        Event-Timestamp = "May 19 2023 20:33:37 UTC"
        NAS-Port-Id = "Wireless-802.11"
        Meraki-Device-Name = "AP-Name-Here"
        Authenticator-Field = 0x8c8d2982acee4ebbc1bd4c877dab3776

 

Normally, once the Start packet occurs, Interim updates are sent every five minutes until such a time when the session ends, then a Stop packet is sent. We're not receiving these packets at all, across hundreds of different customers. We're performed a raw packet capture on our RADIUS server(s) and the packet doesn't even reach us, so the Meraki Cloud is not sending them.

 

Anyone else seeing this behaviour?

 

Thanks,

 

James

0 Kudos
Subscribe
2 Replies 2
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎May 21 2023 1:53 PM
‎May 21 2023 1:53 PM

Have you opened a support ticket, given you are using cloud radius which I am assuming you mean Radius proxy you would need support involved to make sure the proxy is sending that information. 

btr.net.nz
Subscribe
In response to BlakeRichardson
jamesw
Getting noticed
‎May 22 2023 12:33 AM
‎May 22 2023 12:33 AM

Yeah, got a ticket open but their support not yet finding anything, even though it has to be 100% the Meraki RADIUS cloud as it is that which sends the RADIUS packets out (not the AP or from customer premise)

 

It's not the specific RADIUS proxy option, but when you enable splash page with RADIUS authentication, all RADIUS traffic comes from the Meraki cloud

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.