MX IP as a Radius Client

Getting noticed

MX IP as a Radius Client



I am trying to set up vpn client using Azure MFA but I am not quite familiar with this and I am having some issues. We have configured the NPS server and also I have configure VPN Client on the meraki. I am finding it confusing which IP should I use on the NPS server as a radius client. 


I found this on the documentation:


Enter the IP Address of your MX Security Appliance or Z1 Teleworker Gateway. This IP will differ depending on where the RADIUS server is located:

  • On a local subnet - Use the IP address of the MX/Z1 on the subnet shared with the RADIUS server.
  • Over a static route - Use the IP address of the MX/Z1 on the subnet shared with the next hop.
  • Over VPN - Use the IP address of the MX/Z1 on the highest-numbered VLAN in VPN.


Our NPS server is located on Azure and is reachable via VPN tunnel. But which IP should I use as a radius client. We do have some vlans on the meraki MX. Should I just pick one of them?

Kind of a big deal

Are you accessing the Azure resources via VPN?

If so, use the IP of the highest numbered VLAN on your device.


Fun tip - syslog will also use the highest numbered vlan on your device when syslog is sent over VPN to a collector.

Hi Nash,


Thank you for the reply. Yes the radius server is on Azure and we have VPN established between. The connection works. All right, I will test then with the highest vlans MX IP and see if that works. Thank you 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.