Hello,
I have a Radius Server and lot of MR Access point.
Wifi is protected by Radius authentication.
All the AP have to be declared on the Radius Server for it to work.
How i can declare onfly one IP adresse for all the AP in the same network to simplify the radius configuration ?
I have seen some option like NAS ID, caller ID,...
Do you have any idea ?
Thanks.
Solved! Go to solution.
As mentioned by @DarrenOC, go for a per subnet radius client entry on you radius solution.
Radius attributes like NAS ID / Type etc...... cant be used for the authentication of the radius session itself, it will be used when the radius session correctly configured and working, mainly to filter client connection like SSID, connection speed, wireless capabilities, so you can make very specific authorization rules for the clients as radius results.
The only way to use 1 IP for all clients, but in my not the way to go is place as close to the radius server a NAT device who translates al requests, but this makes troubleshooting a real pain in the....... ( to be filled in to you favorite 🙂 )
Also one common practice as we do a lot of Cisco Blue / Meraki or hybrid setups with radius ( mainly Cisco ISE), we make 2 mgmt vlans, one for the switches and other for the AP's per location, this to make the radius differences between types easier from ISE/Radius perspective.
Hope this helps. if not let us know and help you further
with regards Yoeri
Instead of configuring each individual AP IP add the IP subnet.
Yes, put all meraki hardware in the same vlan and add that subnet to the radius.
Another option is radius proxy
As mentioned by @DarrenOC, go for a per subnet radius client entry on you radius solution.
Radius attributes like NAS ID / Type etc...... cant be used for the authentication of the radius session itself, it will be used when the radius session correctly configured and working, mainly to filter client connection like SSID, connection speed, wireless capabilities, so you can make very specific authorization rules for the clients as radius results.
The only way to use 1 IP for all clients, but in my not the way to go is place as close to the radius server a NAT device who translates al requests, but this makes troubleshooting a real pain in the....... ( to be filled in to you favorite 🙂 )
Also one common practice as we do a lot of Cisco Blue / Meraki or hybrid setups with radius ( mainly Cisco ISE), we make 2 mgmt vlans, one for the switches and other for the AP's per location, this to make the radius differences between types easier from ISE/Radius perspective.
Hope this helps. if not let us know and help you further
with regards Yoeri
@YoeriOppelaar1 Good idea on the dual mgmt VLANs
One dedicated vlan for the AP mgmt and declare the subnet on the radius server seem to be the best solution.
Thanks for your help.
I'm with @DarrenOC on this one.
With RADIUS Proxy