Meraki

mernoobnetwork

we have had meraki mr44 and 76s for a while now, and one site starting having issues with radius timeout issues

then the issue would pass and come back

now im getting a few more sites are starting to report issues.

we have toggled client balancing, fast roaming is off. anything else we can look into

we are using windows servers for radius (NPS)

DarrenOC

Are the issues happening in certain spots or is this a site wide problem?

I had one client who literally couldn’t use their devices in a certain area. After running some survey software I found 2 old APs on the network that were broadcasting the same SSID. Once removed…all was well.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

BlakeRichardson

How many client devices are you supporting?
Is the NPS server being over utilised?
Is the problem site wide or location based?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

mernoobnetwork

location specific

its not a coverage issue

all other sites are ok, and im talking about hundreds

BlakeRichardson

Just confirming by location specific do you mean a single site out of multiple sites or a location within single site?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

mernoobnetwork

multiple phyiscal sites

but over a 100 work no problem

cmr

@mernoobnetwork for the site where you have the problems, is it all over the site or for particular APs?

If my answer solves your problem please click Accept as Solution so others can benefit from it.

mernoobnetwork

the entire site

mernoobnetwork

our guest network is ok, but doesnt use radius

BlakeRichardson

And each site is connecting to a single NPS hosted via a site to site VPN or does each site have their own NPS?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

mernoobnetwork

single windows server nps in a dc

yes tunneled back

PhilipDAth

Painfull!

Maybe it is a bandwidth squeeze.

Try configuring the WAN uplink bandwidth (on your MX) to match what it actually is.

Then then create a QoS rule to make the RADIUS traffic high priority.

More general information:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping

mernoobnetwork

the issue has started to spread to multiple sites

it will stop working, then start working 2 hours later

looking at our nps servers, as that is the most central issue

nps event mainly around malformed packet/request

Networking101

What firmware you are running and what logs or error do you see on Meraki dashboard, End machine and NPS?

pjc

Are you using EAP-TLS certs etc for authentication to NPS ? We have seen similar issues at a few of our sites caused by some sites having lower MTU values resulting in packet fragmentation when using certs and VPN connections. We tried lowering MTU packet size on NPS connection policies without any success.

Ended up using Meraki Radius Proxy for those sites with the issue - as it's sent directly out over the internet for this, then you don't get the VPN encryption overhead and the auth packets are not fragmented

Good luck

Meraki

Community

wireless issues all of a sudden

wireless issues all of a sudden