Meraki

jmsommer · ‎Oct 23 2017

Hi,

I would like to use Radius proxy feature for 802.1X authentication.

I have a NPS running this in my network, so for sites connected with a VPN, no issue.

However, I have some site with no VPN, with a small private network connected directly on internet. I want them to use a Meraki AP with same SSID and same credential as in head office.

Radius Proxy seems to be great solution, but I need to open my radius to internet, and security team will reject such request until I give the right answer. So, is it secure to do this ? Anyone of you put it in prod over dozen of countries or remote branch office?

BR, JM

WadeAlsup · ‎Oct 23 2017

Hi @jmsommer,

Documentation leads me to believe that you could setup the SSID on the remote network MR to be VPN concentrated and as such pass the authentication on to the main network through it's MX. However, that would pass your remote network traffic on that SSID through the main network MX as well, no? I would also be curious to see any answers on opening RADIUS up to the internet as I have no experience with this.

Documentation on VPN Concentration and WPA2 - Enterprise authentication

Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

PhilipDAth · ‎Oct 24 2017

I wouldn't want to expose my RADIUS server to the Internet either.

If you do enable the RADIUS proxy feature then if you go Help/Firewall Info it will tell you the firewall rules you need to add.

jmsommer · ‎Oct 24 2017

Hi,

To get the valid firewall info you need to enable Radius on a "splash page", otherwise it give you your own network as source and your own IP (Public or Private) as destination. I got it by opening a case, they discover it was not handle by the choice of "Use Meraki Proxy" but only for the splash option.

BR, JM

Andrew-nedwos · ‎Oct 24 2017

I use JumpCloud.com with Meraki and no problems.

nedwos.co.uk - where technology meets common sense