Yes I think so

Have you checked the basics through? You can fully route to the server IP and it can route back?

Anything in the logs? Re-entered the secrets again just to be sure etc

from Server, AP ip is pinging and from AP, server ip is pinging. Can you guide me to troubleshoot this ?

Ping is working in both directions. No L3 only L2.

Hi Redsector,

Did you over come the issue ?

No solution up to now.

The Radius-test is still not possible.

The routing must be good because otherwise the clients and accesspoints couldn´t connect to the ISE (both have to).

 

 

So u ddnt able to use Radius Server option in Meraki ?

No, I can use it, otherwise the clients couldn´t connect to the LAN.

Only the Radius-Test option is not working.

I'm not able to connect my clients to radius. I'm pretty new to this radius testing. I dont know how to troubleshoot this issue

Prashan: in the Cisco ISE (Radius) you have to add every accesspoint with an fixed IP-address to allow clients to be connected.

Hi @redsector 

 

I use windows server 2016 environment

---

@Prashan wrote:

Hi @redsector 

 

I use windows server 2016 environment

---

We do as well and it is working fine, even at the moment.

 

Do you use authentication certificates on your clients to connect to the wifi, which have to be installed within the Radius as well?

MarcP: how do you connect to test the Radius? Is it the Windows-Domain-Name + Name + Password?

Or is there a special Radius account to use?

I am using my personal username + password

 

To verify used another accounts credentials, worked as well.

 

without domain\

 

Hello Prashan,

 

That's a funny coincidence, I noticed the exact same issue earlier today.

I spent a few hours scratching my head and switching between the Meraki dashboard and our Cisco ISE (which handles the RADIUS requests) and I finally figured out what was the issue.

 

In our case: all our ISE policies start with a "if Wireless_802.1X". This checks two things from the RADIUS request fields:

• NAS-Port-Type = Wireless-802.11
• Service-Type = Framed

Interestingly enough, it turns out that if you use the "Test" button the Meraki AP will not include the "Service-Type" information in its RADIUS request. Because of that the request does not pass the "if Wireless_802.1X" condition and is rejected.

 

You can see this behavior with a packet capture of the AP uplink port. As you can see below  only the NAS-Port-Type is sent:

 

However during a real user authentication, the AP correctly sends both information to the RADIUS server so the authentication is working fine.

 

So I would check whether you are also using the "Wireless_802.1X" condition on your RADIUS server or not.

To confirm this test works correctly on all sites we manage

 

What issues are you having?

 

 

Hi @Nick 

 

1st I'm not able to do the Radius Test.

 

Radius installed on Windows Server 2016. Ping is working from both ends

 

Is there way to check from server side ? I followed youtube video for complete this task

Nick: "Authentification failed", means connection to Cisco ISE is ok. But my Cisco ISE credentials are not working.

Look at the first picture in this topic. It's a problem of how to connect with which name.

 

Prashan: did you test yourdomain\name + password ?

Hi @redsector,

 

I did test using server admin login

 

Hi @MarcP 

 

I hope this is what you asking

 

Hi @Raphael_M 

 

I hope this is what you asking

 

Hi All,

 

Please find more details for this thread

 

Clients are connecting successfully

 

Hi All,

 

Thank you for your time and valuable thoughts

 

It is suddenly get successfull and clients are getting connected as well

 

 

Hi @redsector 

 

Try to test using user which are in Radius group

 

Hi @redsector I was focussed on the original posters question - not your ISE part. Though you are correct the image shows failed authentication not connection.

 

Looks like that issue is resolved now 🙂 - did you try the suggestions made in the later posts?