error getting IP address authentication with 802.1X RADIUS and WPA2-PSK

Bytelab
Here to help

error getting IP address authentication with 802.1X RADIUS and WPA2-PSK

Hi Community:

I'm confused with an implementation

 

I will explain:
There are two offices located on different floors of the same building. One of them has 3 AP (1MR18 and 2MR42) and the superior one with 1 AP (MR33) since the area is smaller.
The problem is that from the top floor to the bottom there are no problems with roaming, nor access to the wireless network (authentication with 802.1X RADIUS in one SSID and WPA2-PSK in another), however from the bottom floor to the top, the connection in the client shows "error getting IP address" (for both SSIDs) and the logs in Meraki are:

2019-06-19 15_28_01-Event log - Meraki Dashboard.png

 

All APs are in the same subnet and all have their trunk port for all VLANs as well as untagged for the IPs from which they are handled.
It should be added that if the MR33 is rebooted then there is no problem to access the wireless in the upper floor, but once the client leaves the coverage of the MR33 for any other AP and then returns again, then gets "error in IP" .
The APs use different channels in 2,4 band (1,6,11 for the lower floor and 1 for the upper floor, which in turn is the furthest from the other that uses channel 1) and also in 5 band.

 

Any ideas about what could be wrong?

Any suggestion?

 

Thanks in advance

8 Replies 8
kYutobi
Kind of a big deal

Capture.PNG

Have you tested this option?

Enthusiast
Bytelab
Here to help

Hi @kYutobi 

Since there is only one subnet, I do not think it is necessary to do Layer 3 roaming. 

We use VLANs (layer 2) without routing between them.

Do you have any other suggestion?

wifijanitor
Meraki Employee
Meraki Employee

so to make sure I have this right. If you start out on the top floor (MR33) and roam to the bottom floor ( 3 AP) there is no issue. If you start on the bottom floor and roam to the upper floor, you get the "error getting IP address". Then, if you reboot the MR33 it will work again. is the above correct? Looking at the image you shared, it looks like the client gets authenticated just fine, and is on VLAN 100. Is this the correct VLAN for the client?
Bytelab
Here to help

Hello @wifijanitor 

The scenario is exactly as you described it. VLAN 100 is used for wireless clients authenticated through the SSID with RADIUS or through the SSID with WPA2-PSK.
It should be added that among the 3 APs on the lower floor there are no problems in roaming between them.

PhilipDAth
Kind of a big deal
Kind of a big deal

All the APs should be in the same Meraki network and should have the same SSIDs.  Is this the case?

Bytelab
Here to help

HI @PhilipDAth 

 

Each AP is added to the same network in meraki dashboard and all can access the same SSID.

Is there any reasonable explanation why IP 0.0.0.0 is obtained when accessing the Wi-Fi network via RADIUS or via WPA2-PSK?

 

 

2019-06-24 09_58_44-Access Points - Meraki Dashboard.png

 

Any other suggestion?

Thanks in advance.

wifijanitor
Meraki Employee
Meraki Employee

Honestly, sounds like a bug in the forwarding table of the MR33, since a reboot resolves it. I'd open a case, when you are having the issue so that they can look at the backend and see what's going on. it may also be useful to get a pcap of the AP's port, in the bad condition, and see what is being sent to the wire.
Bytelab
Here to help

Hi Meraki Community

Is there any info about this issue?
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels