Hello,
when a SSID is tunneled in L3 roaming mode to a concentrator, the concentrator acts as Radius authenticator. Which will be the source interface / IP of the Radius requests? Is it the WAN IP of the concentrator (in routed mode)? Or is it the Vlan IP and with multiple Vlan‘s are different source IP‘s?used?
Many thanks for your help!
Solved! Go to solution.
When an SSID is tunneled in Layer 3 (L3) roaming mode to a concentrator (like a Meraki MX security appliance or another wireless access point), the concentrator indeed acts as the RADIUS authenticator.
The source IP address of the RADIUS requests in this scenario is typically the IP address of the concentrator's Internet-facing interface (WAN IP). This is because the concentrator is the device interfacing directly with the RADIUS server over the network.
However, the exact behavior may depend on the specific configuration and features of the concentrator. For example, if the concentrator supports multiple VLANs and is configured to use a different source IP for each VLAN, then it could potentially use different source IPs for RADIUS requests coming from different VLANs. But this would typically require specific configuration and is not the default behavior.
When an SSID is tunneled in Layer 3 (L3) roaming mode to a concentrator (like a Meraki MX security appliance or another wireless access point), the concentrator indeed acts as the RADIUS authenticator.
The source IP address of the RADIUS requests in this scenario is typically the IP address of the concentrator's Internet-facing interface (WAN IP). This is because the concentrator is the device interfacing directly with the RADIUS server over the network.
However, the exact behavior may depend on the specific configuration and features of the concentrator. For example, if the concentrator supports multiple VLANs and is configured to use a different source IP for each VLAN, then it could potentially use different source IPs for RADIUS requests coming from different VLANs. But this would typically require specific configuration and is not the default behavior.
ChatGPT again?
Do you mean the answer is wrong or just fake?
Hi Stefan_Zuber,
We're powered by A5 IT AI. We trained our system to respond to all tech troubleshooting.
Thank you,
Nick Pitzaferro
When the SSID is in tunnel mode - either Layer 3 roaming or VPN, RADIUS is sourced from the MX vlan IP and forwarded out the WAN interface, regardless if you have more specific entries in the routing table.
Can this behaviour be changed? Alternate Management Interface etc.?
Nope. Supports recommendation is to move the MX to Passthrough Mode, instead of routed.
We have done some packet captures. The source interface of the radius requests was the WAN interface, not the L3 vlan interface.