Meraki

athan1234 · ‎Sep 24 2024

Hello everyone.

I'm not sure how to proceed in this situation.
Currently, some APs are connected via radius ( i belive so is conecting via radius) to the FW's DHCP server.
Those APs are connected via DHCP over an FW.
However, I am observing some things that I don't comprehend or know how they operate.
If I looked at the NPS, I couldn't tell if the setup was setup well.

I show to your

RAIUS SETUP FOR AP´S

The IP is 10.129.5.128/25

FW IP ADDRESS

VLAN 5

10.129.5.1/255.255.255.0

How is it possible that the APS is operational?

there is no set up radius for the port that I am seeing, perhaps it is not configured via radius. it is possible the AP´s working no via radius ?

I am seeing a interface swtich setup i cant see nothing radisu set up

interface GigabitEthernet1/0/2
AP WiFi
switchport trunk native vlan 5
switchport trunk allowed vlan 5,20,40
switchport mode trunk
spanning-tree portfast
end

but in somes APs i am able to see radius failure

FOr other hand I can see some AP´s are in green.

Please someday could give me a explication?

PhilipDAth · ‎Sep 24 2024

RADIUS is for authentication (and authorization). DHCP is for assigning IP addresses.

If you want to see if an SSID is using RADIUS, then check the SSID configuration in the Meraki Dashboard. You can check your DHCP server to see if it has given an IP address out to the AP(s).

athan1234 · ‎Sep 24 2024

Hello, Phillis

Yes, I do realize that. Maybe I'm not understanding, but the IP address of the ACCES point seems to be connected via Raius when you enter the radius NPS, doesn't it?

I am unable to see the address in the Radisu NPS.

VLAN 5

10.129.5.1 / 255.0.255.255

This is the firewall that has the DHCP setup.

The configuration for in the NPS radius is 10.129.5.128/25.

The hole range 24 is the APS's ip.
i dont know if i explain weell , but i cant understand

ww · ‎Sep 24 2024

Are there any AP's with a management address of 10.129.5.2-127?

athan1234 · ‎Sep 24 2024

Why some APps are in orange with the Radius issue is beyond me. they are all inside the range of 2-127, they are not within the range is the NPS range
radius is 10.129.5.128/25.

All of them AP´s would have in orange colour . isent it?

PhilipDAth · ‎Sep 24 2024

Can the RADIUS server ping those access points in organge?

Can those access points in orange ping the RADIUS server?

athan1234 · ‎Sep 24 2024

Let me check

from the server to the AP I am trying to get an IP address, but I am not able to ping. Perhaps this is due to policies. I get the same result i get to reach GW same result

rhbirkelund · ‎Sep 24 2024

What is the subnet mask for your 10.129.5.2-127 range?

You can’t mix 10.129.5.0/24 and 10.129.5.128/25.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

athan1234 · ‎Sep 24 2024

Hello

This range is theoretically configured by the NPS for the Meraki AP.

With this IP range, the FW MGMNT

VLAN 5

10.129.5.1 / 255.0.255.255

DHCP RANGE

10.129.5.2-254

I'm not sure how it operates. I believe that the radius setup should have the following range. how is possible are there in green
?
In NPS there is a /25

Maybe i will have to change in the NPS to /24

athan1234 · ‎Sep 24 2024

Hello, Phillis

Yes, I do realize that. Maybe I'm not understanding, but the IP address of the ACCES point seems to be connected via Raius when you enter the radius NPS, doesn't it?

I am unable to see the address in the Radisu NPS.

VLAN 5

10.129.5.1 / 255.0.255.255

This is the firewall that has the DHCP setup.

The configuration for in the NPS radius is 10.129.5.128/25.

The hole range 24 is the APS's ip.
i dont know if i explain weell , but i cant understand

rhbirkelund · ‎Sep 24 2024

Do you have a Meraki MX as well?

In RADIUS the Meraki APs are the Authenticators, so when a wireless supplicant connects to an SSID all RADIUS is sourced from the Meraki management ip address. So these are the ones that should be added as NADs to NPS.

However, if the SSID is set as a Concentrator, all RADIUS will be sourced from the MX. Could that be why it is the MX up that is added as a NAD in NPS?

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

athan1234 · ‎Sep 24 2024

Hi

I dont have MX i have a fortinet FW

athan1234 · ‎Sep 24 2024

I've solved the radius issue adding /24 .

/////////////////////////////////////////////////////////

The next step is moving this DHCP on one FW to other FW

For testing i moved one AP but i got this resoult

As wll i cant see in the box the radius ok .

like this

Meraki

Community

Understanding of Radius scenarios ( wifi)

Understanding of Radius scenarios ( wifi)