Hello,
We've got an SSID which uses RADIUS authentication.
When I try an authentication via the AP, I get this error message: "failed to connect to the RADIUS server".
I ran a packet capture on the RADIUS server and on the wired AP, and I see that the AP communicates with the RADIUS server but it blocks on the Access-Challenge id=2.
See below please:
On the AP:
On the RADIUS server:
It seems that the AP doesn't receive the "access-challenge id=2".
Have you experienced this issue? How to resolve it?
Thank you for your help!
Regards
Did you capture on the switchport to the AP, or on other devices in the path, to check if that packet is still present?
My first guess is that the RADIUS server is not configured to accept MSCHAPv2.
What does the RADIUS server log say?
I'm 50% confident you won't get an Access-Reject if the shared secret is wrong. You generally get no response at all.
Just go to 100% (RFC 2865):
Once the RADIUS server receives the request, it validates the sending client. A request from a client for which the RADIUS server does not have a shared secret MUST be silently discarded. If the client is valid, ...
The relevant part will likely be inside the second Access-Request/Access-Challenge. There the client and RADIUS server talk about the EAP method to use.
@gchak: Review this if it helps
https://documentation.meraki.com/MR/MR_Splash_Page/RADIUS_Failover_and_Retry_Details
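
The two-sided capture comparison described in the thread (one capture at the RADIUS server, one at the AP) can be scripted instead of read by eye. This is an added example, not part of the thread: it assumes the RADIUS UDP payloads have already been extracted from each capture, and the helper names and sample packets are constructed for illustration.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_MESSAGE = 79  # RADIUS attribute type carrying EAP (RFC 3579)

def parse_radius(payload: bytes) -> dict:
    """Parse one RADIUS UDP payload: 20-byte RFC 2865 header plus attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field does not fit the captured payload")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.append((a_type, payload[pos + 2:pos + a_len]))
        pos += a_len
    return {"name": CODES.get(code, f"code-{code}"), "id": ident, "attrs": attrs}

def build(code: int, ident: int, attrs=()) -> bytes:
    """Constructed sample packet; the zeroed authenticator is not valid crypto."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def lost_in_transit(sent: list, received: list) -> list:
    """(name, id) of packets in the sender-side capture missing at the receiver."""
    seen = {(p["name"], p["id"]) for p in map(parse_radius, received)}
    return [(p["name"], p["id"]) for p in map(parse_radius, sent)
            if (p["name"], p["id"]) not in seen]

# Constructed captures mirroring the thread: the server sends Access-Challenge
# id=2, but that packet never shows up on the AP side.
SERVER_SIDE = [
    build(1, 1, [(EAP_MESSAGE, b"\x02\x01\x00\x05\x01")]),
    build(11, 1, [(EAP_MESSAGE, b"\x01\x02\x00\x06\x19\x20")]),
    build(1, 2, [(EAP_MESSAGE, b"\x02\x02\x00\x06\x19\x00")]),
    build(11, 2, [(EAP_MESSAGE, b"\x01\x03\x00\x06\x19\x00")]),
]
AP_SIDE = SERVER_SIDE[:3]

if __name__ == "__main__":
    for name, ident in lost_in_transit(SERVER_SIDE, AP_SIDE):
        print(f"{name} id={ident} left the server but never reached the AP")
```

Running the same comparison against captures taken at each hop (switchport, firewall, server NIC) narrows down where the packet disappears.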