Understanding of Radius scenarios ( wifi)

athan1234
A model citizen

Understanding of Radius scenarios ( wifi)

 

Hello everyone.

I'm not sure how to proceed in this situation.
Currently,  some  APs are connected via radius ( i belive so is conecting via radius)  to the FW's DHCP server.
Those APs are connected via DHCP over an FW.
However, I am observing some things that I don't comprehend or know how they operate.
If I looked at the NPS, I couldn't tell if the setup was setup  well.

I show to your 

RAIUS SETUP FOR AP´S

The IP is  10.129.5.128/25

 

 

FW IP ADDRESS

VLAN 5 

10.129.5.1/255.255.255.0

 

 

How is it possible that the APS is operational?

there is no set up radius for the port that I am seeing, perhaps it is not configured via radius. it is possible the AP´s working no via radius ?

 

I am seeing a interface swtich setup i cant see nothing radisu set up 

 

interface GigabitEthernet1/0/2
 AP WiFi
switchport trunk native vlan 5
switchport trunk allowed vlan 5,20,40
switchport mode trunk
spanning-tree portfast
end

 

but  in somes  APs i am able to see  radius failure  

 

athan1234_0-1727172216807.png

 

 

FOr other hand  I can see some AP´s are in green.

athan1234_1-1727172663225.png

 

Please someday could  give me a explication?

 

 

12 Replies 12
PhilipDAth
Kind of a big deal
Kind of a big deal

RADIUS is for authentication (and authorization).  DHCP is for assigning IP addresses.

 

If you want to see if an SSID is using RADIUS, then check the SSID configuration in the Meraki Dashboard.  You can check your DHCP server to see if it has given an IP address out to the AP(s).

athan1234
A model citizen

Hello, Phillis

Yes, I do realize that. Maybe I'm not understanding, but the IP address of the ACCES point seems to be connected via Raius when you enter the radius NPS, doesn't it?

 

I am unable to see the address in the Radisu NPS.

VLAN 5

10.129.5.1 / 255.0.255.255

This is the firewall that has the DHCP setup.

 

The configuration for in the NPS radius is 10.129.5.128/25.

 

The hole range 24 is the APS's ip.
i dont know if i explain weell , but i cant understand

ww
Kind of a big deal
Kind of a big deal

Are there any AP's with a management address of 10.129.5.2-127?

athan1234
A model citizen

Why some APps are in orange with the Radius issue is beyond me. they are all inside the range of 2-127, they are not within the range is the NPS range
radius is 10.129.5.128/25.

All of them AP´s would have in orange colour . isent it?

 

athan1234_0-1727174801670.png

 

 

 

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Can the RADIUS server ping those access points in organge?

 

Can those access points in orange ping the RADIUS server?

athan1234
A model citizen

Let me check

athan1234_0-1727177750186.png

 

 

from the server to the AP I am trying to get an IP address, but I am not able to ping. Perhaps this is due to policies. I get the same result i get to reach GW same result 

 

rhbirkelund
Kind of a big deal
Kind of a big deal

What is the subnet mask for your 10.129.5.2-127 range?

 

You can’t mix 10.129.5.0/24 and 10.129.5.128/25.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
athan1234
A model citizen

Hello

 

This range is theoretically configured by the NPS for the Meraki AP.

athan1234_0-1727179261935.png

 

 

With this IP range, the FW MGMNT

 

VLAN 5

10.129.5.1 / 255.0.255.255

 

DHCP RANGE

10.129.5.2-254

 

 

I'm not sure how it operates. I believe that the radius setup should have the following range. how is possible are there in green
?
In NPS there is a /25

 

Maybe  i will have to change  in the NPS to /24

 

athan1234
A model citizen

Hello, Phillis

Yes, I do realize that. Maybe I'm not understanding, but the IP address of the ACCES point seems to be connected via Raius when you enter the radius NPS, doesn't it?

 

I am unable to see the address in the Radisu NPS.

VLAN 5

10.129.5.1 / 255.0.255.255

This is the firewall that has the DHCP setup.

 

The configuration for in the NPS radius is 10.129.5.128/25.

 

The hole range 24 is the APS's ip.
i dont know if i explain weell , but i cant understand

rhbirkelund
Kind of a big deal
Kind of a big deal

Do you have a Meraki MX as well?

 

In RADIUS the Meraki APs are the Authenticators, so when a wireless supplicant connects to an SSID all RADIUS is sourced from the Meraki management ip address. So these are the ones that should be added as NADs to NPS.

 

However, if the SSID is set as a Concentrator, all RADIUS will be sourced from the MX. Could that be why it is the MX up that is added as a NAD in NPS? 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
athan1234
A model citizen

Hi 

 

I dont have MX i have a fortinet FW 

athan1234
A model citizen

I've solved the  radius issue adding /24 .

 

/////////////////////////////////////////////////////////

The next step is moving this DHCP on one FW to other FW 

For testing i moved one AP but i got this resoult

As wll i cant see in the box the radius ok .

 

 

athan1234_0-1727259152263.png

 

 

 

 

like this

 

 

athan1234_3-1727247231188.png

 

 

 

Get notified when there are additional replies to this discussion.