[TSHOOT] Troubleshooting RADIUS server with the MX, Switch and MR using the Cisco Meraki Dashboard
ฝัง
- เผยแพร่เมื่อ 26 ส.ค. 2024
- In this opportunity we will go through the RADIUS settings, the expected behavior and the most common scenarios that you will encounter when you are having issues with a RADIUS integration. This video will help you to have a complete understanding of the traffic between the RADIUS server and the Meraki devices as well as the event logs in order to understand in a fast and reliable way what is the root cause of your problem.
I encourage you to go through the whole video to examine the different scenarios including the last one with the expected traffic flow in a normal and healthy interaction.
_______________________________________________________________________________________
Cisco Meraki Training
• Cisco Meraki training:...
_______________________________________________________________________________________
Troubleshooting scenarios
-Server unreachable
-RADIUS misconfiguration
-Certificate issue
-Wrong credentials
-Splash page configuration
Additional videos:
-How to configure RADIUS server in MX, MS and MR
• [HOW] to configure RAD...
-How to configure firewall rules in MX
• [HOW] to configure Lay...
-How to configure content filtering in MX and MR
• [HOW] to configure Con...
Cisco Meraki Documentation
-RADIUS resolution guide
documentation....
If you encounter any issues during the troubleshooting, feel free to post a comment with the information and I will help you to move forward.
If you would to know more about similar topics, feel free to check the following videos:
RADIUS configuration
• [HOW] to configure RAD...
Content Filtering
• [HOW] to configure Con...
Layer 3 and 7 Firewall Rules
• [HOW] to configure Lay...
Client VPN
• [HOW] to configure Cli...
Traffic shaping rules
• [HOW] to configure Tra...
Wireless Settings
• [HOW] to configure Wir...
Cisco Umbrella Integration
• [HOW] to integrate Cis...
Flow Preferences
• [HOW] to configure Flo...
Appliance Status Page
• Overview of the Applia...
Creating VPN tunnels
• [HOW] to configure a N...
DHCP configuration
• [HOW] to configure a D...
Addressing and VLANs
• [HOW] to configure Add...
Troubleshooting Non-Meraki VPN
• [TSHOOT] Troubleshoot ...
Troubleshooting ClientVPN
• [TSHOOT] Troubleshot C...
![[HOW] to integrate Cisco Umbrella with Cisco Meraki devices using the Cisco Meraki dashboard](http://i.ytimg.com/vi/xHLk9bAUkSw/mqdefault.jpg)
![[HOW] to integrate Cisco Umbrella with Cisco Meraki devices using the Cisco Meraki dashboard](/img/tr.png)
![[TSHOOT] Troubleshoot Non-Meraki VPN Tunnels with Cisco Meraki MX Security Appliances](http://i.ytimg.com/vi/WJNUImcWfWg/mqdefault.jpg)
![[UNCUT] The Loyal Pin ปิ่นภักดิ์ EP.4 (4/4)](http://i.ytimg.com/vi/d3l5rxl5CVo/mqdefault.jpg)
![[TSHOOT] Troubleshoot AutoVPN and VPN Registry in Cisco Meraki MX Security Appliances](/img/n.gif)
These are great instructional videos! I recently onboarded with Cisco Meraki and there is a lot to learn but your style of teaching reduces the learning curve! Thank you!
Very helpful. Looking forward for wireless clients ( Splash Auth) associating issue troubleshooting video.
Good morning friend, I wanted to ask you why you have to use the public IP of Meraki to configure network access (Open) + Splash Page Sign-on with my Radius server, and if this endangers our firewall even if you use port 2525 as you indicate in the video.
Thank you and that was a very clear explanation. I hope you help answer one of my questions as well.
If I use the splash page with my RADIUS server, I can see round robin option for servers.
But if I use enterprise with my RADIUS server, I don't see round-robin option. So, is this feature not available if I use enterprise with my RADIUS server?
Your video has been very helpful, I have successfully had traffic to the radius server from my Meraki MX64 Router / Security Appliance ... the problem that is presented to me is
once the users are logged in through the radius server when I try to use the "revoke" option in the clients menu but nothing happens ... the users are still on the internet so for days the user continues to have internet browsing. Even cisco support has indicated to me that The MX Splash Page feature is not currently compatible with Active Directory integration, I am trying with freeradius not with active directory ... everything is fine until I try to revoke access. :(
Hello Jose, thanks for reaching out.
The revoke button is mainly used when you have a splash page. Since you mentioned you are using the MX64, I am assuming you are configuring RADIUS authentication for the clients when they connect to the ports ( nothing wireless related).
If that is the case, you can try and use Meraki authentication instead for testing purposes and see if the revoke button is working properly. If it is not, you can report back to Support that the feature is broken.
To revoke the Access to a RADIUS authentication, what is normally used is CoA, which should be configured on both the Meraki device and the RADIUS server.
That was great! thanks a lot! I have a question, in my case there are many users and mostly they are connected fine. it happens that only 3 users face problem with auth failure and when I check the rejected logs, I can see that their request is rejected. But for example, when I run the test with my credential , all works great. Based on the users report, they didn't change the credentials recently and they used to connect with that before, but not now. what can be the problem then?
Thanks in advance :)
When I configure the Server Radius.
IN the Server Radius: I only need to add the IP of the meraki dashboard and its SECRET Key, or do I need to add to All the access points and their IP addresses each one with th
Hello Morpheo,
You will need to add the IP addresses of all the APs that will be authenticating the clients. All the APs should be able to send authentication requests to the RADIUS server.
Here @18:13, the IP address of Radius server is 92.7.146.151 (is this IP is identical or we have to use our public IP ) is belongs to whom, Where I have to allow it, Or we have to NAT our Radius server with Public IP to reachable from Meraki cloud.
Hello Manish,
That IP address is the public IP address of my RADIUS server. That IP address will change in the firewall info page based on the RADIUS configuration you have on your dashboard. You will see that when you configure your own IP address, you will see it there.
If you are using Splash Page with RADIUS, the RADIUS server should be accessible from the Meraki cloud since the Acess-Request will come from the public IP addresses mentioned in the firewall info and not from your network. That is the main difference between the WAP2- Enterprise and the Splash page.
I hope that helps you.
@@TheITWay it means our radius server should be accessible from meraki cloud and we have to do port forwarding on our firewall
If you are using Splash Page, that is correct. I did the same when I was recording the video.