Hi all,

I’m having a consistent issue with wireless event logs, the first 802.1X authentication attempt each morning is missing the client_ip. Simply disconnecting and reconnecting the client fixes it, and all subsequent log entries include the client_ip as expected.

I need the client_ip for firewall user authentication via syslog forwarding, so this first-log issue is causing problems.
I cannot accept the only fix for my clients is "just disconnect and reconnect wireless to fix the problem"

Has anyone else come across this behavior? Could this be a limitation of DHCP, Meraki, or something else?

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_...

The Meraki documentation does not mention the authentication log containing the client_ip. However, as shown in my picture, the AP can provide the client_ip after a disconnect/reconnect following the first connection.

Any insights would be appreciated!