Access control requires RADIUS with public IPs?

Messy
Here to help


Hello,

 

Just been looking at the SD-WAN, Access Control settings which look brilliant, exactly what we need at the moment.

I was happily setting it up and getting a little confused as to why it wasn't able to reach our RADIUS servers when I saw the little sign that says:

"Please make sure that:

  1. Your RADIUS servers have public IP addresses (i.e., they are reachable on the Internet)."

Am I missing something? Is that the ONLY option? I'd be shocked if that was the case. Please tell me we don't have to expose our servers to the internet so internal devices can access internal resources.

Mloraditch
Head in the Cloud

 

You may want to look at this:

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)
If you have one of the smaller models you can do more normal access control. What you found is designed for splash page control for whole VLANs and that may be the source of the limitation.

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal

Yes, it is a requirement that your RADIUS server is accessible via the internet. The reason for this is that the ones that will communicate with your server are Meraki's public IPs and not the MX IP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

One option is to configure a RADIUS proxy to forward authentication requests to your internal server and avoid exposing your RADIUS servers to the Internet.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
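
The proxy arrangement suggested in the last reply, sketched as an added example that is not part of the original thread: a FreeRADIUS 3.x host in a DMZ accepts requests only from the cloud's source range and relays them to the internal server, which is never exposed. Every address, name, secret and file path here is an assumption or placeholder; the real source ranges must come from the vendor's published list for your organization.

```conf
# --- clients.conf (on the DMZ proxy) ---
# Only the cloud's published source range is accepted as a RADIUS client.
# 203.0.113.0/24 is a documentation placeholder, not a real Meraki range.
client cloud_splash {
    ipaddr = 203.0.113.0/24
    secret = CHANGE_ME_cloud_facing_secret
}

# --- proxy.conf (on the DMZ proxy) ---
# The internal RADIUS server, reachable only from the DMZ proxy.
home_server internal_radius {
    type   = auth
    ipaddr = 10.0.10.5                     # constructed internal address
    port   = 1812
    secret = CHANGE_ME_internal_secret     # not the same as the cloud-facing secret
}

home_server_pool internal_pool {
    type        = fail-over
    home_server = internal_radius
}

# Hypothetical realm name used only to select the pool above.
realm internal {
    auth_pool = internal_pool
    nostrip                                # pass User-Name through unchanged
}

# --- sites-enabled/default: add inside the existing authorize { } section ---
authorize {
    # Relay every request to the internal pool instead of answering locally.
    update control {
        &Proxy-To-Realm := "internal"
    }
}
```

The perimeter firewall should mirror the `client` block: UDP 1812 to the proxy from the published source range only, and UDP 1812 from the proxy to the internal server only.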