Meraki Community

sureelam

Team, We are experiencing a recurring problem with our NPS and Cisco Meraki MR Access Point. This issue has surfaced recently, where the AP authentication initially functions properly upon installation but stops working after 3 hours, despite no alterations to the network configuration. The notable difference in the logs is the appearance of the user as Security ID: NULL SID (previously displayed as the username).
The reason for this anomaly is identified as a malformed RADIUS Request message received by the Network Policy Server from the network access server.

Reason : The RADIUS Request message that Network Policy Server received from the network access server was malformed.

Our network setup consists solely of Meraki APs, connected in the following sequence: MR ----> Aruba Switch ----> Palo Alto Firewall ----> RADIUS via IPsec tunnel. Looking forward to hearing from you guys soon...

rhbirkelund

You might want to provide some more detailed information on what's going on. You might want to check the Event Viewer on the NPS server - look for Event IDs 6272 and 6273.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

cmr

If you collect the data packets from the Aruba switch, are they malformed there, or okay?

PhilipDAth

>This issue has surfaced recently

Take a look under Organization/Firmware upgrades. Does it show a recent firmware update? If so, roll back the change.

Otherwise, what changed around the timeframe that the issue started happening?

PhilipDAth

Once it is broken, I would also do a packet capture.

Also, if you have RADIUS packets going over a WAN - an MTU restriction can cause RADIUS packets to fail.