Meraki Community

Alexs20 · ‎Aug 28 2023

Hi, maybe someone know the answer to the following, CoA related, question.

I've verified that the AP responds to CoA messages initiated from the local network. However, the actual requirement is to send these messages from the internet, externally. The option of configuring port forwarding for each AP individually is not very feasible due to security concerns and the complexity involved, especially with a potentially large number of APs. As a result, the only viable approach seems to involve routing these messages from a single open port to the respective AP, based on specific criteria such as the 'NAS-IP-Address' value. So, my question is: does Meraki offer any hardware solutions that can facilitate this message forwarding? Alternatively, is there an alternative solution that I might not have considered?

Thanks

ww · ‎Aug 28 2023

https://documentation.meraki.com/MR/Encryption_and_Authentication/RADIUS_Proxy_for_WPA2-Enterprise_S...

alemabrahao · ‎Aug 28 2023

I don't know if a Radius proxy is a good solution, I see it as another point of failure, not to mention that I've seen some problems when using Radius Proxy, but that's just my opinion.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

ww · ‎Aug 28 2023

We dont use it either. Most times radius behind a vpn is possible.

PhilipDAth · ‎Aug 28 2023

It would be best to have a VPN from the AP management VLAN to the RADIUS server.

Meraki Community

CoA messages from outside (Internet)

CoA messages from outside (Internet)