Hi Team,
When I try to test my radius server from Meraki Dashboard it got following messaging. Can you help out to solve this issue ?
"Authentication failed while testing on one of your APs. This means the RADIUS server was reached but your credentials were incorrect. The test was stopped to prevent this account from being locked out due to multiple failed attempts. Please try again with different username and/or password"
Regards
Prashan
Note - AP unreachable is cause of I ddnt power up the other AP
Have you set up the AP on Radius site, with the correct "Secret"?
Yes I think so
Ping is working in both directions. No L3 only L2.
I have got the same issue with all of our MR-accesspoints (about 60 MR accesspoints). Everything is working well but the Radius-Test doesn´t work. We use an Cisco ISE as Radius-server.
No solution up to now.
The Radius-test is still not possible.
The routing must be good because otherwise the clients and accesspoints couldn´t connect to the ISE (both have to).
No, I can use it, otherwise the clients couldn´t connect to the LAN.
Only the Radius-Test option is not working.
Prashan: in the Cisco ISE (Radius) you have to add every accesspoint with an fixed IP-address to allow clients to be connected.
@Prashan wrote:Hi @redsector
I use windows server 2016 environment
We do as well and it is working fine, even at the moment.
Do you use authentication certificates on your clients to connect to the wifi, which have to be installed within the Radius as well?
MarcP: how do you connect to test the Radius? Is it the Windows-Domain-Name + Name + Password?
Or is there a special Radius account to use?
I am using my personal username + password
To verify used another accounts credentials, worked as well.
without domain\
Hello Prashan,
That's a funny coincidence, I noticed the exact same issue earlier today.
I spent a few hours scratching my head and switching between the Meraki dashboard and our Cisco ISE (which handles the RADIUS requests) and I finally figured out what was the issue.
In our case: all our ISE policies start with a "if Wireless_802.1X". This checks two things from the RADIUS request fields:
Interestingly enough, it turns out that if you use the "Test" button the Meraki AP will not include the "Service-Type" information in its RADIUS request. Because of that the request does not pass the "if Wireless_802.1X" condition and is rejected.
You can see this behavior with a packet capture of the AP uplink port. As you can see below only the NAS-Port-Type is sent:
However during a real user authentication, the AP correctly sends both information to the RADIUS server so the authentication is working fine.
So I would check whether you are also using the "Wireless_802.1X" condition on your RADIUS server or not.
To confirm this test works correctly on all sites we manage
What issues are you having?
Hi @Nick
1st I'm not able to do the Radius Test.
Radius installed on Windows Server 2016. Ping is working from both ends
Is there way to check from server side ? I followed youtube video for complete this task
Nick: "Authentification failed", means connection to Cisco ISE is ok. But my Cisco ISE credentials are not working.
Look at the first picture in this topic. It's a problem of how to connect with which name.
Prashan: did you test yourdomain\name + password ?
Hi @redsector,
I did test using server admin login
Hi @MarcP
I hope this is what you asking
Hi @Raphael_M
I hope this is what you asking
Hi All,
Please find more details for this thread
Clients are connecting successfully
Hi All,
Thank you for your time and valuable thoughts
It is suddenly get successfull and clients are getting connected as well
Hi @redsector
Try to test using user which are in Radius group
Hi @redsector I was focussed on the original posters question - not your ISE part. Though you are correct the image shows failed authentication not connection.
Looks like that issue is resolved now 🙂 - did you try the suggestions made in the later posts?