Home > Wireless LAN > Monitoring and Reporting > VLAN and RADIUS Status on Access Points

VLAN and RADIUS Status on Access Points

MR access points (APs) have the ability to monitor client network traffic, to help identify and narrow down potential network problems. When configuring access points (APs) to use VLAN tagging or RADIUS servers, additional status fields will become visible on the AP details page. These status fields can be used to help identify potential problems relating to RADIUS authentication or a particular VLAN.

From the Monitor > Access points page, click on an AP to investigate. Then look under the Status section for RADIUS status and VLAN status sub-sections, and click Show for more info.

Note: Status sections will only appear if that function has been configured and enabled.

RADIUS Status

A table will be listed that includes the SSID, a RADIUS server for that SSID, and the Status of recent authentication attempts on that SSID. The status will be marked as "Problem" if more than 2 requests do not receive responses. Click Show for an SSID to see details of the last 5 messages.

 

Req. ID An identification number for the authentication request.
Client MAC The MAC address of the client being authenticated.
Server IP The IP address of the RADIUS server.
Req. type The AP's request type; generally an "Access Request".
Resp. type The server's response type, such as "Access Challenge" or "Access Accept".
RTT (ms) How many milliseconds it took for the server response to be received. This will be empty if no response was received.
Ago (s) How many seconds ago this occurred.

Troubleshooting

If RADIUS is indicated as experiencing a "Problem," it is recommended to investigate the specific requests that are not receiving responses. If no RADIUS requests are receiving responses, there is likely an issue communicating between the access point and the RADIUS server. Ensure that the RADIUS server is online and receiving requests, and that it has been configured correctly.

VLAN Status

A table will be listed that includes the VLAN number, and the Status of several recent message types on that VLAN. The status will be marked as "Problem" if more than 2 DHCP or DNS messages do not receive a response, or if more than 3 ARP messages do not receive a response.  Click Show for a VLAN to see details of the last 5 messages of each type.

ARP

SSID The SSID the client originating this message is associated to.
Source IP The IP address of the client originating this message.
Source MAC The MAC address of the client originating this message.
Dest. IP The IP address that is being ARP'd for.
Dest. MAC The MAC address of the client that has the Dest. IP. This will be empty if no response was received.
RTT (ms) How many milliseconds it took for the destination client response to be received. This will be empty if no response was received.
Ago (s) How many seconds ago this occurred.

DNS

Req. ID An identification number for the message exchange.
SSID The SSID the client originating this message is associated to.
Client IP The IP address of the client that originated this DNS message.
Server IP The IP address of the server the DNS message was sent to.
Opcode The DNS operation code.
Rcode The DNS response code.
RTT (ms) How many milliseconds it took for the server response to be received. This will be empty if no response was received.
Ago (s) How many seconds ago this occurred.

DHCP

Req. ID An identification number for the message exchange.
SSID The SSID the client originating this message is associated to.
Client MAC The MAC address of the client originating this message.
Server IP The IP address of the server the message was sent to or a response was received from.
Req. type The client's request type.
Req. IP The requested IP address (if any).
Resp. type The server's response type.
Resp. IP The IP address offered by the server to the requesting client.
RTT (ms) How many milliseconds it took for the server response to be received. This will be empty if no response was received.
Ago (s) How many seconds ago this occurred.

Troubleshooting

If the VLAN status is shown as having a "Problem," this indicates that clients on this AP may be having issues resolving common network services:

  • ARP
    If ARP requests are being sent without receiving a response, this typically indicates that clients are attempting to contact an IP address that is either not available on the network, or otherwise unable to respond to ARP.
    Note: Depending on the client behavior, certain devices may be more likely to send ARP requests for unreachable IPs. As such, a "Problem" with ARP may not indicate an actionable network issue.
  • DNS
    If DNS queries are being sent without receiving a response, ensure that the DNS server listed under Server IP is available and configured to respond to queries. If the DNS server is external to the network, check that the client's VLAN has Internet connectivity and is being routed appropriately.
  • DHCP
    Since this status will track both DHCP Discover and DHCP Request messages, it is important to note which type of traffic is not receiving a response.
    If clients are sending DHCP Discover messages without receiving a response, ensure that there is an online DHCP server or relay within the VLAN.
    If clients are sending DHCP Request messages, check the DHCP server's configuration and see if there is a reservation in place for that particular client. Additionally, make sure there are available addresses within the DHCP server's scope.

 

Regardless of the specific problem being experienced, it may be beneficial to take a packet capture on the AP's wired interface, to better understand exactly what traffic is being sent upstream without receiving a response.

You must to post a comment.
Last modified
15:53, 23 Jul 2015

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 2052

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case