Hello Community,
We are having intermittent Radius authentication issues last couple month now. Here is some background regarding our configuration:
We have 2 SSID is setup across all offices which are xxx_CORP and xxx_GUEST.
xxx_GUEST is based on permanent password authentication and works without issues.
However xxx_CORP is configured with Radius Authentication with certificate, and our radius
provider is radius-as-a-service.com. Intermittently our corporate devices like laptops are having
issues to connect. When I pull Meraki portal logs regarding authentication I see lots of these errors:
Client made an 802.1X authentication request to the RADIUS server, but it did not respond.auth_mode='wpa2-802.1x' vlan_id='50' radius_proto='ipv4' radius_ip='127.0.0.1' reason='radius_timeout' reassoc='1' radio='1' vap='0' channel='44' rssi='42'
With radius server we use secure radius configuration utilizing RadSec over TCP. I wondering why in the logs showing radius
server address as "127.0.0.1" why not actual radius server address configured ?
If anybody have any advice or experience I really appreciate your input.
Thank you very much.
Thank you @alemabrahao for quick response, here is firmware info:
Current version: MR 30.6
We upgraded couple month ago that also kind a aligns with radius issues, I have to check.
What does the RADIUS server log show? Is it seeing the authentication request coming in? Is it allowing it or denying it (and if deny, why)?
Hey PhillipDath.
No unfortunately I do not see deny requests on Radius server. Especially from devices it has been issues. That's baffling me.
In your place I would try to downgrade or upgrade to another version just to test. It would be interesting to request support from Meraki support.
Hello,
It is expected to observe 127.0.0.1 IP address while using the RADSec over TCP. Did you notice if the Access-Request messages are reaching your RADIUS server?
I will also recommend calling support to take a packet capture and confirm where the RADIUS authentication is failing on your network.