Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Org-level RADIUS Server - Open discussion

RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 8:03 AM
‎Nov 2 2023 8:03 AM

Org-level RADIUS Server - Open discussion

Hi , 

 

This is an open discussion about the new EA Feature : Org-level RADIUS Server

(https://community.meraki.com/t5/Feature-Announcements/Public-Preview-Org-level-RADIUS-Server/ba-p/21...)

 

 

  1. Documentation is properly attached . Bonus points !
  2. Seems to have broken some Access Policy related API. Waiting confirmation on that
  3. User input validation seems broken

RaphaelL_0-1698938824493.png

 

  1. Existing Access Policy now includes a new UI  :

RaphaelL_0-1698937107117.png

  • The mix of 'new' UI and 'old' UI is a bit odd. 
  • Old Access Policy now display a 'show secret' button. That button is not displaying my current Secret. So I have no idea what it is showing

 

So here is my initial feedback 🙂 

 

PS : Love the idea and the feature but still dislike the way to inform of bugs / feedback. The "give feedback button" is not event present on that page , and unsure if someone is really looking at that anyway.

 

 

Cheers !

 

Labels:
Subscribe
10 Replies 10
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 8:32 AM
‎Nov 2 2023 8:32 AM

Open question : If you change one or all RADIUS server IPs , should we expect a Org-Wide re-auth on all ports configured with an access policy ?

 

Eg : I'm migrating my RADIUS from 10.1.1.1 to 10.2.2.2. I do the change Org-Wide. What is the expected behavior ?

 

My initial thoughts : Nothing happens until there's a re-auth or new auth on the ports using that access policy. Am I right ?

Subscribe
In response to RaphaelL
KarstenI
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 9:05 AM
‎Nov 2 2023 9:05 AM

Only for Switches??? Ok ... This is a feature I have hoped for since day 1. But wireless would be more important. For your question, I would expect the existing sessions to stay active until reauth or a button "reauth now" is pressed (either on the dashboard or on the RADIUS server).

Subscribe
In response to KarstenI
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 9:12 AM
‎Nov 2 2023 9:12 AM

Yes I hope this get ported to MR ! 

 

The only reason I'm asking is because editing ports/access policy on MX forces a re-auth of all ports. I was worried a bit about that part but it seems that you are right. I have to do more testing

 

Edit : And MS too ? https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

As of MS 9.16, changes to an existing access policy will cause a port-bounce on all ports configured for that policy.

0 Kudos
Subscribe
In response to RaphaelL
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 11:18 AM
‎Nov 2 2023 11:18 AM

> If you change one or all RADIUS server IPs

 

Does it result in a re-auth if you change the RADIUS server IP address at the current network level?

0 Kudos
Subscribe
In response to PhilipDAth
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 11:23 AM
‎Nov 2 2023 11:23 AM

Per documentation .. yes 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

As of MS 9.16, changes to an existing access policy will cause a port-bounce on all ports configured for that policy.

 

But I have to try it first.  That message seems really old. 9.16 , I don't even remember the bugs from that version haha !

Subscribe
In response to RaphaelL
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 7 2023 5:30 AM
‎Nov 7 2023 5:30 AM

Update from my case : Hi Raphael. The behavior in question is no longer present. 

 

 

So changing the Radius settings Org-wide ( or network-wide ) shouldn't bounce the configured ports.

0 Kudos
Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
‎Nov 2 2023 9:22 AM
‎Nov 2 2023 9:22 AM

MR will come later

Subscribe
In response to Ryan_Miles
cmr
Kind of a big deal
Kind of a big deal
‎Nov 3 2023 3:47 PM
‎Nov 3 2023 3:47 PM

+1 for MR please 🙂

Subscribe
bhilgenkamp2024
Here to help
‎Feb 12 2024 10:53 AM
‎Feb 12 2024 10:53 AM

Is it possible to reference these global RADIUS servers when creating an access policy via API? I'm not seeing a way to use the createNetworkSwitchAccessPolicy operation to link to these global servers.

0 Kudos
Subscribe
In response to bhilgenkamp2024
RaphaelL
Kind of a big deal
Kind of a big deal
‎Feb 12 2024 10:57 AM
‎Feb 12 2024 10:57 AM

I'm afraid it is not possible at the moment.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.