Dear Experts ,
I want to ask related to access-control on meraki MX ,
i see the options that we can use radius server and have the server ip field in the option.
For example if we have cisco ISE ,if i'm not wrong , on Meraki MX we input ise ip address as radius server ,
and in the ise NAD (client) put wan ip of Meraki mx ?
because Meraki MX , there is a hint show that , dashboard must need to reach to radius server too.
i'm not really sure on this , pls help verify , thanks
Are you talking about 802.1x access control? If so, then yes, you are correct when it comes to how to setup Cisco ISE. You need to create you policies in ISE, then when you are ready, add the MX IP address with the Radius credentials as a NAD in ISE, then on the desired switchport/SSID on the MX, add the ISE server IP, secret key, and ports.
Here is a KB article to assist as well.
What I think that is referring to is if/when you have a customer-hosted RADIUS on your premises, then you would need to open up UDP/1812 inbound on your perimeter firewall in order for outside clients to be able to authenticate inbound against your RADIUS server.
Not sure if that was the design you were implementing but if that's how you have it configured, it should be reflected under Help > Firewall Rules. This is typically seen when configuring splash page sign-on via RADIUS.
Alternatively, maybe you were looking to simply have the SSID auth against your internal RADIUS, so perhaps this doesn't involve splash or opening up anything from the outside to get to your RADIUS. Maybe it's just in the association section (not the splash page section) that you choose Enterprise auth with my RADIUS server, and then if you want you could still have a click-thru splash page. Sorry if I misunderstood the question. Some pretty good docs on this also https://documentation.meraki.com/Special:Search?q=radius
And how about sending configuration through API?
I've automation project related to Meraki MX Access Control and really appreciate if you've documentation about this subject 🙂
Note: I've already checked this document: https://developer.cisco.com/meraki/api but none of it has MX Access Control API (including GET & POST method)
Thanks in advance