cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MR AP's Integration with AVAYA IDE RADIUS

SOLVED
Here to help

Meraki MR AP's Integration with AVAYA IDE RADIUS

Hi there,

 

We are replacing 40 AVAYA Wirelss APs with Meraki MR45 APs; however, the client currently is using  Avaya Identity Engines Ignition Server IDE (RADIUS) which performs authentication and identity services. Unfortunately under authenticator details, I can't find Meraki under "Vendor" drop menu (Cisco is there)...

 

Is there a way to confirm that Meraki MR 45 will be authenticated via AVAYA RADIUS  ?

 

IDE.PNG

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Just use Cisco.

 

You are highly likely to be using standard RADIUS attributes - which means it will work with almost any manufacturer selected.

12 REPLIES 12
Head in the Cloud

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Well, I haven´t test it, but regarding to this document, it sounds like every radius server can be the radius.

I would use Cisco as the vendor.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

if you already have the MR´s (assuming this, as you wrote you replace the APs and not planning to), you could setup everything and within the dashboard you can check the authentification, if it works.

 

Wireless -> AccessControll -> Radius Server

Here to help

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Thanks so much for your reply!

 

According to this article below I need to obtain the RADIUS dictionary from my vendor (Meraki) and their numerical vendor ID.

 

https://gtacknowledge.extremenetworks.com/articles/How_To/000037372

 

Do you know how can I get these information of Meraki AP?

Head in the Cloud

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Here to help

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Thanks for your reply! 

 

I believe RADIUS dictionary composite of RADIUS VSA Name & Attribute Type

 

Kindly check the picture below :

 

RADIUS1.PNGRADIUS2.PNG

Kind of a big deal

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

I think you'll probably have to create a custom device template in the Avaya IDE. I haven't tested with any of this so I can only try to point you in the right direction.

 

You should know that for dynamic VLAN assignment and group policy assignment Meraki expects the RADIUS server to use any of these four fields (you can configure which one it's actually sending):

2019-07-29 21_17_16-Access Control Configuration - Meraki Dashboard.png

 

The following page also provides details about these from a numeric perspective:

https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId...

 

See if you can figure out a way to have Avaya IDE send one of these.

 

Hopefully that helps already.

Here to help

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Thank you so much for your reply!

 

In order to create a custom device template in the Avaya IDE, we need Meraki  RADIUS Dictionary Files ...

Where can I obtain them?

 

RADIUS attribute Files:  (RADIUS VSA Name/ Attribute Type) and vendor ID for Meraki MR 

Kind of a big deal

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Just use Cisco.

 

You are highly likely to be using standard RADIUS attributes - which means it will work with almost any manufacturer selected.

Kind of a big deal

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

You could also consider changing to a different RADIUS product.  Microsoft Network Policy Server (NPS) is very popular because it comes with Windows Server.

Here to help

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Thanks so much for your reply!

 

I've been contacting AVAYA/Extremenetworks support and they are not sure if selecting Cisco as vendor will work for Meraki. However, they showed me how to add new vendor and new selection of attribute value pairs specific to that vendor under the Vendors listing. (Does Meraki have a Vendor ID?)

https://gtacknowledge.extremenetworks.com/articles/How_To/000037372

 

The client currently is using AVAYA IDE as RADIUS server and it's up and running and working fine, so he is not looking to replace it with Microsoft Network Policy Server (NPS).

 

We are going for live deployment in two days; and I can't risk it if the AVAYA IDE RADIUS doesn't accept Cisco vendor for Meraki.

Kind of a big deal

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Going live without a POC seems like a bad idea tbh 😮. Dot1x can seriously mess with your network if not working correctly.

 

I don't think Meraki has its own Vendor ID. As I posted before it integrates nicely with third party RADIUS servers and works with multiple fields from multiple vendors. You just need to configure which field your RADIUS is going to send to the authenticators (in this case the APs).

Head in the Cloud

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Well, two days is enough time for a POC, but you shouldn´t go live without the POC... 

 

as far as I understand, it´s even not working at the moment?

Here to help

Re: Meraki MR AP's Integration with AVAYA IDE RADIUS

Thanks so much!

 

It works with Cisco as vendor!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.