Meraki

Community

Radius Server Failure for 2 Subnets

rbeier1221
Just browsing
‎Nov 9 2017 1:22 PM
‎Nov 9 2017 1:22 PM

Radius Server Failure for 2 Subnets

I have setup Meraki wireless across multiple locations with an SSID for WPA-2 using a radius server on Windows Server 2012 R2 (virtual server in our data center). For some reason 2 of our sites fail when connecting and during testing via the Meraki dashboard. I have verified the IP addresses for the access points are included as RADIUS clients. I have looked through event viewer for errors, but I am not seeing any errors.

 

I am not sure what to really look for. Based on the configuration I would think either all access points would fail or all would succeed. I have verified all are using the same DNS settings, firmware is up to date, and all Radius clients are using the same settings, including the same shared secret template. I have compared the main switch at various locations and nothing stands out. Our routers are managed by a third party, so I have not verified settings there, but everything should match. All sites are connected via MPLS.

 

As of now I am getting around this issue by using another server, but it is a physical server scheduled to be decommissioned soon. As far as I can tell, settings are identical on both servers as far as NPS is concerned.

 

I am sure I am just missing something, but not sure what else to look for. Any and all ideas would be appreciated. Thanks.

0 Kudos
5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 9 2017 2:26 PM
‎Nov 9 2017 2:26 PM

Have you defined the APs individually in NPS - if so, double check the radius key.

0 Kudos
In response to PhilipDAth
rbeier1221
Just browsing
‎Nov 17 2017 11:41 AM
‎Nov 17 2017 11:41 AM

They are all using the same key from a template.

0 Kudos
In response to rbeier1221
DrDray
Meraki Employee
Meraki Employee
‎Nov 17 2017 1:11 PM
‎Nov 17 2017 1:11 PM

@rbeier1221

 

Any chance you have a Meraki switch close to the RADIUS server that these APs are failing to communicate with? Take a .pcap on the wired interface of the AP during the test, and simultaneously on the port closest to the server. You'll at least be able to see whether the REQUEST and subsequent APPROVE/REJECT messages are getting to/from the server from the AP.

 

You can always get into contact with Meraki support to have them help you with the captures. With this info, you'll at least have more definitive next steps on what to investigate.

0 Kudos
In response to rbeier1221
DrDray
Meraki Employee
Meraki Employee
‎Nov 17 2017 1:12 PM
‎Nov 17 2017 1:12 PM

@rbeier1221

 

Any chance you have a Meraki switch close to the RADIUS server that these APs are failing to communicate with? Take a .pcap on the wired interface of the AP during the test, and simultaneously on the port closest to the server. You'll at least be able to see whether the REQUEST and subsequent APPROVE/REJECT messages are getting to/from the server from the AP.

 

You can always get into contact with Meraki support to have them help you with the captures. With this info, you'll at least have more definitive next steps on what to investigate.

0 Kudos
In response to DrDray
rbeier1221
Just browsing
‎Nov 21 2017 1:39 PM
‎Nov 21 2017 1:39 PM

Testing with a laptop on one of the two subnets giving us issues. Getting an error on the laptop attempting to connect: 6105 deauth after EAPOL key exchange sequence

 

Not seeing any errors on the server.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.