- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSID Tunneling Radius Interface
Hello,
when a SSID is tunneled in L3 roaming mode to a concentrator, the concentrator acts as Radius authenticator. Which will be the source interface / IP of the Radius requests? Is it the WAN IP of the concentrator (in routed mode)? Or is it the Vlan IP and with multiple Vlan‘s are different source IP‘s?used?
Many thanks for your help!
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When an SSID is tunneled in Layer 3 (L3) roaming mode to a concentrator (like a Meraki MX security appliance or another wireless access point), the concentrator indeed acts as the RADIUS authenticator.
The source IP address of the RADIUS requests in this scenario is typically the IP address of the concentrator's Internet-facing interface (WAN IP). This is because the concentrator is the device interfacing directly with the RADIUS server over the network.
However, the exact behavior may depend on the specific configuration and features of the concentrator. For example, if the concentrator supports multiple VLANs and is configured to use a different source IP for each VLAN, then it could potentially use different source IPs for RADIUS requests coming from different VLANs. But this would typically require specific configuration and is not the default behavior.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When an SSID is tunneled in Layer 3 (L3) roaming mode to a concentrator (like a Meraki MX security appliance or another wireless access point), the concentrator indeed acts as the RADIUS authenticator.
The source IP address of the RADIUS requests in this scenario is typically the IP address of the concentrator's Internet-facing interface (WAN IP). This is because the concentrator is the device interfacing directly with the RADIUS server over the network.
However, the exact behavior may depend on the specific configuration and features of the concentrator. For example, if the concentrator supports multiple VLANs and is configured to use a different source IP for each VLAN, then it could potentially use different source IPs for RADIUS requests coming from different VLANs. But this would typically require specific configuration and is not the default behavior.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ChatGPT again?
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean the answer is wrong or just fake?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stefan_Zuber,
We're powered by A5 IT AI. We trained our system to respond to all tech troubleshooting.
Thank you,
Nick Pitzaferro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When the SSID is in tunnel mode - either Layer 3 roaming or VPN, RADIUS is sourced from the MX vlan IP and forwarded out the WAN interface, regardless if you have more specific entries in the routing table.
Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution lies solely your own.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can this behaviour be changed? Alternate Management Interface etc.?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope. Supports recommendation is to move the MX to Passthrough Mode, instead of routed.
Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution lies solely your own.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have done some packet captures. The source interface of the radius requests was the WAN interface, not the L3 vlan interface.