Meraki MR AP's Integration with AVAYA IDE RADIUS

Solved
AhmedK
Here to help

Hi there,

 

We are replacing 40 AVAYA Wireless APs with Meraki MR45 APs; however, the client is currently using Avaya Identity Engines Ignition Server IDE (RADIUS), which performs authentication and identity services. Unfortunately, under authenticator details, I can't find Meraki under the "Vendor" drop-down menu (Cisco is there)...

 

Is there a way to confirm that the Meraki MR45 will be authenticated via AVAYA RADIUS?

 

[Image: IDE.PNG]

1 Accepted Solution
PhilipDAth
Kind of a big deal

Just use Cisco.

 

You are highly likely to be using standard RADIUS attributes - which means it will work with almost any manufacturer selected.

MarcP
Kind of a big deal

Well, I haven't tested it, but according to this document, it sounds like every RADIUS server can be the RADIUS.

I would use Cisco as the vendor.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

If you already have the MRs (assuming this, as you wrote that you are replacing the APs, not planning to), you could set everything up, and within the dashboard you can check whether the authentication works.

 

Wireless -> Access Control -> RADIUS Server

AhmedK
Here to help

Thanks so much for your reply!

 

According to the article below, I need to obtain the RADIUS dictionary from my vendor (Meraki) and their numerical vendor ID.

 

https://gtacknowledge.extremenetworks.com/articles/How_To/000037372

 

Do you know how I can get this information for the Meraki AP?

MarcP
Kind of a big deal

AhmedK
Here to help

Thanks for your reply! 

 

I believe the RADIUS dictionary is composed of RADIUS VSA Name & Attribute Type.

 

Kindly check the picture below:

 

[Images: RADIUS1.PNG, RADIUS2.PNG]

BrechtSchamp
Kind of a big deal

I think you'll probably have to create a custom device template in the Avaya IDE. I haven't tested with any of this so I can only try to point you in the right direction.

 

You should know that for dynamic VLAN assignment and group policy assignment Meraki expects the RADIUS server to use any of these four fields (you can configure which one it's actually sending):

[Screenshot: Access Control Configuration - Meraki Dashboard]

 

The following page also provides details about these from a numeric perspective:

https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId...

 

See if you can figure out a way to have Avaya IDE send one of these.

 

Hopefully that helps already.

AhmedK
Here to help

Thank you so much for your reply!

 

In order to create a custom device template in the Avaya IDE, we need the Meraki RADIUS dictionary files...

Where can I obtain them?

 

RADIUS attribute files (RADIUS VSA Name / Attribute Type) and vendor ID for Meraki MR.

PhilipDAth
Kind of a big deal

Just use Cisco.

 

You are highly likely to be using standard RADIUS attributes - which means it will work with almost any manufacturer selected.
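
What "standard RADIUS attributes" means on the wire, as an added example that is not part of the original thread: the parser below walks the attributes of a RADIUS reply and lists the vendor IDs that appear in Vendor-Specific (type 26) attributes, which are the only ones that need a vendor dictionary. The packets are constructed samples, the helper names are hypothetical, and vendor ID 9 is Cisco's IANA enterprise number.

```python
import struct

VSA = 26  # Vendor-Specific attribute type (RFC 2865)

def parse_attributes(packet: bytes):
    """Yield (vendor_id or None, attr_type, value) for each attribute."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VSA:
            yield None, atype, value      # standard attribute, no vendor involved
            continue
        if len(value) < 6:
            raise ValueError("VSA too short")
        vendor_id, sub = int.from_bytes(value[:4], "big"), value[4:]
        while sub:                        # vendor-type, vendor-length, data
            if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                raise ValueError("malformed sub-attribute")
            yield vendor_id, sub[0], sub[2:sub[1]]
            sub = sub[sub[1]:]

def vendor_ids_needed(packet: bytes):
    """Vendor IDs whose dictionary the server needs to build this reply."""
    return sorted({v for v, _, _ in parse_attributes(packet) if v is not None})

def attr(t, v):
    return bytes([t, len(v) + 2]) + v

def accept(*attrs):  # code 2 = Access-Accept; authenticator zeroed for the sample
    body = b"".join(attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples (not captured traffic): tunnel attributes 64/65/81 and Filter-Id 11.
STANDARD_ONLY = accept(attr(64, b"\x00\x00\x00\x0d"), attr(65, b"\x00\x00\x00\x06"),
                       attr(81, b"20"), attr(11, b"constructed-policy"))
WITH_CISCO_VSA = accept(attr(VSA, (9).to_bytes(4, "big") + attr(1, b"constructed=value")))

if __name__ == "__main__":
    for name, pkt in (("standard only", STANDARD_ONLY), ("with VSA", WITH_CISCO_VSA)):
        print(name, "-> vendor dictionaries needed:", vendor_ids_needed(pkt))
```

A reply that carries only standard attributes needs no vendor dictionary at all, so the vendor chosen for the authenticator does not change what is sent.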

PhilipDAth
Kind of a big deal

You could also consider changing to a different RADIUS product. Microsoft Network Policy Server (NPS) is very popular because it comes with Windows Server.

AhmedK
Here to help

Thanks so much for your reply!

 

I've been contacting AVAYA/Extremenetworks support and they are not sure if selecting Cisco as the vendor will work for Meraki. However, they showed me how to add a new vendor and a new selection of attribute-value pairs specific to that vendor under the Vendors listing. (Does Meraki have a Vendor ID?)

https://gtacknowledge.extremenetworks.com/articles/How_To/000037372

 

The client is currently using AVAYA IDE as the RADIUS server, and it's up and running and working fine, so he is not looking to replace it with Microsoft Network Policy Server (NPS).

 

We are going for live deployment in two days, and I can't risk it if the AVAYA IDE RADIUS doesn't accept the Cisco vendor for Meraki.

BrechtSchamp
Kind of a big deal

Going live without a POC seems like a bad idea tbh 😮. Dot1x can seriously mess with your network if not working correctly.

 

I don't think Meraki has its own Vendor ID. As I posted before it integrates nicely with third party RADIUS servers and works with multiple fields from multiple vendors. You just need to configure which field your RADIUS is going to send to the authenticators (in this case the APs).

MarcP
Kind of a big deal

Well, two days is enough time for a POC, but you shouldn't go live without the POC...

 

As far as I understand, it's not even working at the moment?

AhmedK
Here to help

Thanks so much!

 

It works with Cisco as vendor!
