Question regarding radius proxy configuration

SOLVED
Dardan
Conversationalist

Question regarding radius proxy configuration

Hello guys,

 

After having read the Meraki configuration regarding external Radius setup, I noticed it is stated I should expose my Radius server to the Internet. However, this is not possible in our current network infrastructure. So I configured one AP (for testing purpose) with local Radius IP (our infrastructure is basically a Metropol Area Network so our routers use internal IPs s and routes) and it seems to be working. Now if I want to configure other APs (63 in total) to be authenticated on my Radius server, do I have to create 60+ client entries on my Radius server (for each AP) or is there anyway to configure for instance 2 APs which would be acting as Radius proxies? The purpose would be  to direct Radius traffic from the 60+ other APs to those "proxified" APs and avoid inserting many radius entries.

 

To sum up, the scenario would look like:

2 APs (proxies) configured with my Radius server infos and authenticated on my Radius server.

60+ APs configured with these proxies IPs <-- no need to allow these APs on my Radius server.

 

Thank you in advance for your help.

Regards

1 ACCEPTED SOLUTION
ww
Kind of a big deal
Kind of a big deal

You need to add them all.

We put them in management subnets.  And then add the subnet to the radius.

 

View solution in original post

3 REPLIES 3
ww
Kind of a big deal
Kind of a big deal

You need to add them all.

We put them in management subnets.  And then add the subnet to the radius.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

You don't mention what RADIUS server you are using - but every RADIUS server I have used allows you to specify a subnet for RADIUS clients.

I NEVER add the APs as individual clients.  Tedious.

 

So where it asks you for an IP address in your RADIUS server, try putting in a subnet (e,g. 10.0.0.0/8).

Dardan
Conversationalist

It is freeradius and of course I can specify a subnet for clients. Thanks.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels