Meraki

Community

weird connection issue

Adrian4
Head in the Cloud
‎Oct 10 2024 4:03 AM
‎Oct 10 2024 4:03 AM

weird connection issue

Hello,

 

I have a site where a random selection of computers can no longer connect to our internal 802.1x SSID (can connect to a guest ssid with PSK).

Not all devices are effected.

 

In the logs I can see the client receive the RADIUS challenge but then the client apparently gives up.

Log message is 
Client was deauthenticated - Sending STA is leaving or has left Independent BSS or ESS. Client indicated to the AP that it's disconnecting from the wireless network. Could be from a client going into 'sleep' mode and disconnecting the WiFi radio for battery savings.

I can see the client jumping around APs trying to authenticate. Everytime, it receives the challenge, disconnects and then it trys again on another AP.

I can see from the logs that they were ok yesterday afternoon about 3pm. I think the problem started yesterday evening. 

 

There were no client or Meraki changes yesterday.
Windows and wifi drivers have been updated today as part of troubleshooting - no effect.


any ideas?

thanks,

0 Kudos
4 Replies 4
JoanaP
Meraki Employee
Meraki Employee
a month ago
a month ago

Hi Adrian,

 

it would be good to parse the RADIUS server's logs and check why is the client challenged.

 

Packet captures on the wired interface of the AP can also help to verify at what point the communication stops. This article gives a nice visual on what is the expected flow so that you can troubleshoot further:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

BR,

Ioana

 

 

0 Kudos
In response to JoanaP
Adrian4
Head in the Cloud
a month ago
a month ago

Hello,

 

Sry, I'm a little confused..."why is the client challenged?"

Its a standard part of the authentication process. After the client initiates the connection, the RADIUs checks its policy and if the client is allowed, it will send the client an access challenge request that asks the client to proceed. They then start a TLS handshake.

During the handshake, the server does send the client its certificate to prove who it is, and i wondered if it could be an issue with that cert - but our RADIUS servers look after about 60 different physical sites and there isnt an issue anywhere else.

I will try to get a capture but it will be difficult to co-ordinate as the site is in another country 😕

cheers

0 Kudos
In response to Adrian4
yaypingworks
Here to help
a month ago
a month ago

Once I had an issue with iPSK SSID where only some devices could connect, some could not. Only affecting one location. The solution ended up being to disable the SSID and to rebuild it using one of the spare 'Unconfigured SSID #'. Head scratcher but maybe its a bug in Meraki and worth trying this

In response to yaypingworks
Adrian4
Head in the Cloud
a month ago
a month ago

hmmm, i may have to resort to that, thanks!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.