External Radius server - Apply group policy

Solved
leandro-lorenzi
Conversationalist

External Radius server - Apply group policy

Hey everyone,

I'm doing some research to determine if Meraki is a good solution to my organization. Our current idp solution has a radius server functionality that we intend using for the office WI-FI and VPN authentication.

However, when reading the official documentation I came across the following statement:

 

Group Policies for user groups can only be configured on an SSID that uses a local (customer-premise) RADIUS server for authentication at association time. 

 

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Using_RADIUS_Attributes_to_Apply_...


Does that mean that if my radius server is actually hosted on the cloud, my users will be able to authenticate to the network but I won't be able to enforce any restrictions depending on who that user is? Does anyone know if that's also valid for the client VPN connections? My goal is to segregate the users who should have access to our production assets and the ones who should not.

 

Thanks!

1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee

Customer premise is maybe a little vague. It means when using "my RADIUS server" vs. local auth or Meraki auth. My RADIUS server can be on prem or cloud hosted.

 

I use Jumpcloud with the RADIUS attribute of Filter-ID to assign a Group Policy I have defined in Meraki dashboard and it works fine.

 

AnyConnect VPN should also be able to leverage a Meraki defined GP. I haven't tested it though.

Ryan / Meraki Solutions Engineer

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

2 Replies 2
Ryan_Miles
Meraki Employee
Meraki Employee

Customer premise is maybe a little vague. It means when using "my RADIUS server" vs. local auth or Meraki auth. My RADIUS server can be on prem or cloud hosted.

 

I use Jumpcloud with the RADIUS attribute of Filter-ID to assign a Group Policy I have defined in Meraki dashboard and it works fine.

 

AnyConnect VPN should also be able to leverage a Meraki defined GP. I haven't tested it though.

Ryan / Meraki Solutions Engineer

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Cool! I'm actually also using JumpCloud, so I'm happy to know that both solutions work fine! Thanks!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels