Skip to main content
Cisco Meraki

Alert - Recent 802.1X Failure

RADIUS Testing

The "Recent 802.1X Failure" alert will be displayed if the periodic access-request messages sent to the configured RADIUS servers are unreachable, using a timeout period of 10 seconds. This alert was enabled on Meraki networks in January 2019.

Meraki devices periodically send Access-Request messages to configured RADIUS servers using identity 'meraki_8021x_test' to ensure that the RADIUS servers are reachable. These Access-Requests have a timeout of 10 seconds and if the RADIUS server does not respond it will be considered unreachable and will prompt the alert "Recent 802.1X failure" message.

A test is considered successful if the Meraki device receives any kind of legitimate RADIUS response (i.e. Access-Accept/Reject/Challenge) from the server.

clipboard_e9073128f6f6f563e264d1b0e4e11b69d.png

With RADIUS testing enabled, all RADIUS servers will be tested by every node at least once per 24 hours regardless of test result. If a RADIUS test fails for a given node it will be tested again every hour until a passing result occurs. A subsequent pass will mark the server reachable and clear the alert, returning to the 24 hour testing cycle.

Adding or removing a node from a network invalidates previous tests as does changing the Dashboard configuration of the RADIUS servers.

Please note for a wireless 802.1X configuration, this alert will only be generated if the association requirements for network access is set to WPA2-Enterprise with a custom RADIUS server.  This alert will not be triggered for splash pages using a RADIUS server if there is an 802.1X failure.

802.1X Configuration

802.1X RADIUS configuration can be found in the following places depending on the product:

MX (configured either for access ports or wireless)

  • For Access Ports
    • Security & SD-WAN > Addressing & VLANs
  • For Wireless
    • Security & SD-WAN > Wireless settings

MR (enabled on a per SSID basis)

  • Wireless > Access control

MS

  • Switch > Access policies