OWE with Splash page Sign on with My Radius Server

ammahend
Building a reputation


Has anyone set up an SSID with OWE security and Splash page Sign on with My Radius Server (the RADIUS server is ISE in my case)? I don't even see any log coming into ISE. I know communication is working because my RADIUS tests are successful. I tried with passthrough and it works, I tried with Meraki Cloud Authentication and it works, but not with My Radius.

Users get redirected to the splash page prompting for username and password, but when they enter credentials, it says access denied, with no logs on ISE at all.

 

Is there a user guide I can follow, or any tips from someone who has deployed in this way?

Wondering if the RADIUS server needs to have a static NAT with a public IP and needs to be accessible from the internet, if the request is sourced from the dashboard and not the AP itself?

8 Replies
alemabrahao
Kind of a big deal

Yes, you need to have a public IP, so you need to create a NAT for this server, because what will communicate with the server is not the access point but the Meraki cloud.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal


https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_RADIUS_Au...

ammahend
Building a reputation

Thanks. In the example only 4 dashboard public IPs are used on RADIUS as NAD. Is this list still accurate, or is there more to it?


ammahend
Building a reputation

nevermind

PhilipDAth
Kind of a big deal

What is OWE security?

alemabrahao
Kind of a big deal

Wi-Fi Enhanced Open is a new WFA security standard for public networks based on opportunistic wireless encryption (OWE).

ammahend
Building a reputation

Thank you everyone for your help and comments. I just finished testing it and it works well. A follow-up question would be design-specific, because I only tested with a few users: what design considerations do I need to take into account when deploying this at a larger scale with, say, 5000 devices? I am looking at that many RADIUS requests hitting my firewall and ISE ... any recommendations, e.g. maybe keep the interim update timer high, overhead per authentication session, etc.? I will greatly appreciate any deployment experience.

alemabrahao
Kind of a big deal

I've seen networks with more than 8 thousand users and the interim update timer set to zero and I haven't noticed any problems.
 
I don't remember there being a good practice document on this.