Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Radius Authentication Errors

Bohodir
Just browsing
3 weeks ago
3 weeks ago

Radius Authentication Errors

Hello Community,

 

We are having intermittent Radius authentication issues last couple month now. Here is some background regarding our configuration:

 

We have 2 SSID is setup across all offices which are xxx_CORP and xxx_GUEST. 

xxx_GUEST is based on permanent password authentication and works without issues.

However xxx_CORP is configured with Radius Authentication with certificate, and our radius

provider is radius-as-a-service.com. Intermittently our corporate devices like laptops are having 

issues to connect. When I pull Meraki portal logs regarding authentication I see lots of these errors:

 

Client made an 802.1X authentication request to the RADIUS server, but it did not respond.auth_mode='wpa2-802.1x' vlan_id='50' radius_proto='ipv4' radius_ip='127.0.0.1' reason='radius_timeout' reassoc='1' radio='1' vap='0' channel='44' rssi='42'

 

With radius server we use secure radius configuration utilizing RadSec over TCP. I wondering why in the logs showing radius

server address as "127.0.0.1" why not actual radius server address configured ?

If anybody have any advice or experience I really appreciate your input.

 

Thank you very much.

0 Kudos
Subscribe
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Have you had any recent firmware updates?
 
If so, which version are you running? Have you tried with another firmware version?
 
I also suggest you open a support case.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Bohodir
Just browsing
3 weeks ago
3 weeks ago

Thank you @alemabrahao for quick response, here is firmware info:

 

Current version: MR 30.6

 

We upgraded couple month ago that also kind a aligns with radius issues, I have to check.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

What does the RADIUS server log show?  Is it seeing the authentication request coming in?  Is it allowing it or denying it (and if deny, why)?

0 Kudos
Subscribe
In response to PhilipDAth
Bohodir
Just browsing
3 weeks ago
3 weeks ago

Hey PhillipDath.

 

No unfortunately I do not see deny requests on Radius server. Especially from devices it has been issues. That's baffling me.

0 Kudos
Subscribe
In response to Bohodir
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

In your place I would try to downgrade or upgrade to another version just to test. It would be interesting to request support from Meraki support.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
kchand
Meraki Employee
Meraki Employee
2 weeks ago
2 weeks ago

Hello,

It is expected to observe 127.0.0.1 IP address while using the RADSec over TCP. Did you notice if the Access-Request messages are reaching your RADIUS server?

I will also recommend calling support to take a packet capture and confirm where the RADIUS authentication is failing on your network.

If you found this post helpful, please give it kudos.
If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.