RadSec Keep-Alive mechanism not effective for all RadSec servers

fkm-gk
Here to help

We have noticed that the RadSec Keep-Alive feature is currently implemented by triggering periodic empty TCP headers with ACK flag. While this is sufficient to keep TLS sessions open with most (intermediate) firewalls, some RadSec server implementations require application data (Status-Server) messages to be delivered for them to keep the session open (FreeRADIUS, RADIUSaaS). Hence, the feature might be ineffective in some cases.

Based on this, is there a possibility for Meraki to make this feature more robust by sending Status-Server messages?


------------------------------------------------------------------

Initially posted here: https://community.meraki.com/t5/API-Early-Access-Discussions/RadSec-Keep-Alive-mechanism-not-effecti...

MaghM
Meraki Employee

Status-Server packets are sent by a RADIUS client to a RADIUS server in order to test the status of that server.
The Status-Server packet is not a "Keep-Alive" as discussed in [RFC2865], Section 2.6.

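For reference, the Status-Server message discussed in this thread, as an added example that is not part of either post and not Meraki code: it builds the RFC 5997 packet (code 12, mandatory Message-Authenticator) that would be written into the established TLS stream, and shows the check a RadSec server applies to it. The function names are hypothetical; the shared secret `radsec` is the fixed value RFC 6614 defines for RADIUS over TLS.

```python
import hashlib
import hmac
import os
import struct

STATUS_SERVER = 12          # RADIUS packet code, RFC 5997
MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869
RADSEC_SECRET = b"radsec"   # fixed shared secret for RADIUS/TLS, RFC 6614

def build_status_server(identifier, secret=RADSEC_SECRET, authenticator=None):
    """Return the bytes of a Status-Server request (hypothetical helper)."""
    authenticator = authenticator or os.urandom(16)
    # Message-Authenticator is computed with its 16-byte value set to zero.
    attr = struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", STATUS_SERVER, identifier, 20 + len(attr))
    header += authenticator
    mac = hmac.new(secret, header + attr, hashlib.md5).digest()
    return header + attr[:2] + mac

def verify_status_server(packet, secret=RADSEC_SECRET):
    """Server-side check: well-formed Status-Server with a valid HMAC-MD5."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != STATUS_SERVER or length != len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += alen
    return False  # RFC 5997 requires Message-Authenticator

if __name__ == "__main__":
    pkt = build_status_server(identifier=1)  # constructed sample packet
    print(pkt.hex(), verify_status_server(pkt))
```

Unlike an empty TCP segment carrying only the ACK flag, these 38 bytes are TLS application data that the RADIUS server itself parses and answers.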