When a client generates an EAP session and sends traffic to a Meraki device, the Meraki device will forward an Access-Request to the RADIUS server. Take a wireless or wired packet capture on the client device to check if the traffic is being sent out of the client device.Īfter confirming that the client device is sending the required traffic, if the authentication fails, take another packet capture and follow the flow chart. Verify the configurations on the client device to make sure they match with the requirements for RADIUS authentication. Verify if the client is attempting to connect to the correct SSID or port and generating an EAP session. In case of no RADIUS protocol traffic seen from the Meraki device, follow the steps below: If there is traffic seen, make sure to verify the username to make sure the traffic has been seen for the correct client device. With the Wireshark filter mentioned above, only the RADIUS traffic will be filtered in the output and if there is no RADIUS protocol traffic being sent out to the RADIUS server from the Meraki devices, the output will be empty. A sample packet capture can be downloaded for reference. The above screenshot is for a successful RADIUS authentication, as you can see bi-directional communication with Access-Requests, Access-Challenges and Access-Accept. The packet capture can be opened in Wireshark and a filter can be applied as shown below:Įg: ip.addr=192.168.128.254 & radius (192.168.128.254 is the IP of the RADIUS server)Ī generic filtered RADIUS packet capture is shown below for reference:
Once a packet capture is initiated, have a failed client attempt to connect to RADIUS again and let the packet capture run while this process is being completed.
#Cisco vpn setup secondary radius authentication server download
The packet capture must be taken on the wired interface of the Meraki device through which the RADIUS server can be reached, and it is highly recommended to download the output as a. This feature can be accessed by navigating to Network Wide > Monitor > Packet Capture. The Meraki Dashboard provides the ability to take packet captures directly on all RADIUS-capable Meraki devices in the network.