cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

SOLVED
Highlighted
Conversationalist

Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Dear Meraki community,

 

I am considering using OneLogin RADIUS service for my company wired and wireless authentication.

 

The problem being that I can only configure the RADIUS attribute Tunnel-Private-Group-Id value to be the matching role name of my user and not the role VLAN ID.

 

So for example, if I'm assigned the HR role on OneLogin, the RADIUS reply message will be the following 

     Tunnel-Private-Group-Id:0 = "HR"
     Tunnel-Type:0 = VLAN
     Tunnel-Medium-Type:0 = IPv4
     Filter-Id = "HR;Social Media"

 

Can Meraki properly interpret this RADIUS reply message and assign the "HR" VLAN declared in my Dashboard ?

 

Thank you all in advance 🙏

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

So the answer is no to tunnel-group-id, but I see there is Filter-Id in the response. You can use that to assign a Group Policy to the user/device, which in turn can specify a VLAN. Maybe that approach will work for you?

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply...

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...

 

 

View solution in original post

8 REPLIES 8
Highlighted
Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

So the answer is no to tunnel-group-id, but I see there is Filter-Id in the response. You can use that to assign a Group Policy to the user/device, which in turn can specify a VLAN. Maybe that approach will work for you?

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply...

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...

 

 

View solution in original post

Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Sorry, I take that back! I should know better to double check before I answer!

 

It looks like tunnel-group-id is honoured, but it needs to be the VLAN number, not the name.

 

image.png

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

 

Highlighted
Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

To add to @jdsilva response further - Meraki has no concept of a VLAN name.  So you can only use id's (and group policy names).

Highlighted
Conversationalist

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Thank you @jdsilva and @PhilipDAth @for your answers !

 

I’ll probably stick with the group policy through the filter-id.

 

feature request might take a while at OneLogin.

 

 

Highlighted
Comes here often

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Hallo Guys.

 

Me by working on a project using a radius that is combined with the radius of the server.

Type radius of what server is suitable for use with Cisco Meraki. Does Freeradius be able to do "Tunnel-Private-Group-ID" in Cisco connection with the Meraki?

Highlighted
Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

>Does Freeradius be able to do "Tunnel-Private-Group-ID" in Cisco connection with the Meraki?

 

Yes.

Highlighted
Comes here often

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

thanks for your answers @PhilipDAth .

 

btw do you have some tutorial or documentation configure tunnel-private-group-id on freeradius  ?

Highlighted
Kind of a big deal

Re: Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Google is thick with answers.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.