Radius Proxy

jmsommer
Just browsing

Radius Proxy

Hi, 

 

I would like to use Radius proxy feature for 802.1X authentication.

I have a NPS running this in my network, so for sites connected with a VPN, no issue.

However, I have some site with no VPN, with a small private network connected directly on internet. I want them to use a Meraki AP with same SSID and same credential as in head office. 

Radius Proxy seems to be great solution, but I need to open my radius to internet, and security team will reject such request until I give the right answer. So, is it secure to do this ? Anyone of you put it in prod over dozen of countries or remote branch office?

 

BR, JM

 

4 Replies 4
WadeAlsup
A model citizen

Hi @jmsommer

 

Documentation leads me to believe that you could setup the SSID on the remote network MR to be VPN concentrated and as such pass the authentication on to the main network through it's MX. However, that would pass your remote network traffic on that SSID through the main network MX as well, no? I would also be curious to see any answers on opening RADIUS up to the internet as I have no experience with this. 

 

Documentation on VPN Concentration and WPA2 - Enterprise authentication


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂
PhilipDAth
Kind of a big deal
Kind of a big deal

I wouldn't want to expose my RADIUS server to the Internet either.

 

If you do enable the RADIUS proxy feature then if you go Help/Firewall Info it will tell you the firewall rules you need to add.

jmsommer
Just browsing

Hi,

 

To get the valid firewall info you need to enable Radius on a "splash page", otherwise it give you your own network as source and your own IP (Public or Private) as destination. I got it by opening a case, they discover it was not handle by the choice of "Use Meraki Proxy" but only for the splash option.

 

BR, JM

Andrew-nedwos
Conversationalist

I use JumpCloud.com with Meraki and no problems.
nedwos.co.uk - where technology meets common sense
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels