Meraki

Dardan · ‎Feb 19 2021

Hello guys,

After having read the Meraki configuration regarding external Radius setup, I noticed it is stated I should expose my Radius server to the Internet. However, this is not possible in our current network infrastructure. So I configured one AP (for testing purpose) with local Radius IP (our infrastructure is basically a Metropol Area Network so our routers use internal IPs s and routes) and it seems to be working. Now if I want to configure other APs (63 in total) to be authenticated on my Radius server, do I have to create 60+ client entries on my Radius server (for each AP) or is there anyway to configure for instance 2 APs which would be acting as Radius proxies? The purpose would be to direct Radius traffic from the 60+ other APs to those "proxified" APs and avoid inserting many radius entries.

To sum up, the scenario would look like:

2 APs (proxies) configured with my Radius server infos and authenticated on my Radius server.

60+ APs configured with these proxies IPs <-- no need to allow these APs on my Radius server.

Thank you in advance for your help.

Regards

ww · ‎Feb 19 2021

You need to add them all.

We put them in management subnets. And then add the subnet to the radius.

View solution in original post

ww · ‎Feb 19 2021

You need to add them all.

We put them in management subnets. And then add the subnet to the radius.

PhilipDAth · ‎Feb 20 2021

You don't mention what RADIUS server you are using - but every RADIUS server I have used allows you to specify a subnet for RADIUS clients.

I NEVER add the APs as individual clients. Tedious.

So where it asks you for an IP address in your RADIUS server, try putting in a subnet (e,g. 10.0.0.0/8).

Dardan · ‎Feb 23 2021

It is freeradius and of course I can specify a subnet for clients. Thanks.

Meraki

Community

Question regarding radius proxy configuration

Question regarding radius proxy configuration