The "Recent 802.1X Failure" alert will be displayed if the periodic access-request messages sent to the configured RADIUS servers are unreachable, using a timeout period of 10 seconds. This alert was enabled on Meraki networks in January 2019.
Meraki devices periodically send Access-Request messages to configured RADIUS servers using identity 'meraki_8021x_test' to ensure that the RADIUS servers are reachable. These Access-Requests have a timeout of 10 seconds and if the RADIUS server does not respond it will be considered unreachable and will prompt the alert "Recent 802.1X failure" message.
A test is considered successful if the Meraki device receives any kind of legitimate RADIUS response (i.e. Access-Accept/Reject/Challenge) from the server.
With RADIUS testing enabled, all RADIUS servers will be tested by every node at least once per 24 hours regardless of test result. If a RADIUS test fails for a given node it will be tested again every hour until a passing result occurs. A subsequent pass will mark the server reachable and clear the alert, returning to the 24 hour testing cycle.
Adding or removing a node from a network invalidates previous tests as does changing the Dashboard configuration of the RADIUS servers.
Please note for a wireless 802.1X configuration, this alert will only be generated if the association requirements for network access is set to WPA2-Enterprise with a custom RADIUS server. This alert will not be triggered for splash pages using a RADIUS server if there is an 802.1X failure.
802.1X RADIUS configuration can be found in the following places depending on the product:
MX (configured either for access ports or wireless)
- For Access Ports
- Security & SD-WAN > Addressing & VLANs
- For Wireless
- Security & SD-WAN > Wireless settings
MR (enabled on a per SSID basis)
- Wireless > Access control
- Switch > Access policies