Meraki

Community

Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Solved
BeepBeep1
Conversationalist
‎May 22 2020 10:32 AM
‎May 22 2020 10:32 AM

Does Meraki accept RADIUS Tunnel-Private-Group-Id attribute being VLAN name and not VLAN ID ?

Dear Meraki community,

 

I am considering using OneLogin RADIUS service for my company wired and wireless authentication.

 

The problem being that I can only configure the RADIUS attribute Tunnel-Private-Group-Id value to be the matching role name of my user and not the role VLAN ID.

 

So for example, if I'm assigned the HR role on OneLogin, the RADIUS reply message will be the following 

     Tunnel-Private-Group-Id:0 = "HR"
     Tunnel-Type:0 = VLAN
     Tunnel-Medium-Type:0 = IPv4
     Filter-Id = "HR;Social Media"

 

Can Meraki properly interpret this RADIUS reply message and assign the "HR" VLAN declared in my Dashboard ?

 

Thank you all in advance 🙏

0 Kudos
1 Accepted Solution
jdsilva
Kind of a big deal
‎May 22 2020 12:23 PM
‎May 22 2020 12:23 PM

So the answer is no to tunnel-group-id, but I see there is Filter-Id in the response. You can use that to assign a Group Policy to the user/device, which in turn can specify a VLAN. Maybe that approach will work for you?

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply...

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...

 

 

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

9 Replies 9
jdsilva
Kind of a big deal
‎May 22 2020 12:23 PM
‎May 22 2020 12:23 PM

So the answer is no to tunnel-group-id, but I see there is Filter-Id in the response. You can use that to assign a Group Policy to the user/device, which in turn can specify a VLAN. Maybe that approach will work for you?

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply...

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
jdsilva
Kind of a big deal
‎May 22 2020 12:25 PM
‎May 22 2020 12:25 PM

Sorry, I take that back! I should know better to double check before I answer!

 

It looks like tunnel-group-id is honoured, but it needs to be the VLAN number, not the name.

 

image.png

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
BeepBeep1
Conversationalist
‎May 22 2020 11:57 PM
‎May 22 2020 11:57 PM

Thank you @jdsilva and @PhilipDAth @for your answers !

 

I’ll probably stick with the group policy through the filter-id.

 

feature request might take a while at OneLogin.

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 22 2020 4:56 PM
‎May 22 2020 4:56 PM

To add to @jdsilva response further - Meraki has no concept of a VLAN name.  So you can only use id's (and group policy names).

In response to PhilipDAth
HandikaNursandy
Comes here often
‎Jun 9 2020 11:23 PM
‎Jun 9 2020 11:23 PM

Hallo Guys.

 

Me by working on a project using a radius that is combined with the radius of the server.

Type radius of what server is suitable for use with Cisco Meraki. Does Freeradius be able to do "Tunnel-Private-Group-ID" in Cisco connection with the Meraki?

0 Kudos
In response to HandikaNursandy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 10 2020 4:33 PM
‎Jun 10 2020 4:33 PM

>Does Freeradius be able to do "Tunnel-Private-Group-ID" in Cisco connection with the Meraki?

 

Yes.

0 Kudos
In response to PhilipDAth
HandikaNursandy
Comes here often
‎Jun 10 2020 9:45 PM
‎Jun 10 2020 9:45 PM

thanks for your answers @PhilipDAth .

 

btw do you have some tutorial or documentation configure tunnel-private-group-id on freeradius  ?

0 Kudos
In response to HandikaNursandy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 10 2020 10:02 PM
‎Jun 10 2020 10:02 PM

Google is thick with answers.

0 Kudos
Jens94
Conversationalist
‎Mar 3 2022 7:33 AM
‎Mar 3 2022 7:33 AM

Hi BeepBeep1,

 

check out firmware version 15.x for MS.

With this version VLAN Profiles are introduced. With this feature you can use named vlans via RADIUS Tunnel-Private-Group-Id attribute.

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.