WPA2 and Freeradius

Solved
mglowac5
Conversationalist

Hello, I would like to set up a (Free)Radius server with WPA2 on the MX67.

The Freeradius server is running so far. Daloradius is also installed.

An unencrypted connection (only via MAC) works. Now I would like to set up an encrypted connection. So the clients are not unencrypted in the network.

I have already tried and tested many things, but unfortunately without success. Has anyone here already tried this and been successful?

Thanks!

1 Accepted Solution
KarstenI
Kind of a big deal

Look at this blog post:

https://goodwi.fi/posts/2024/04/meraki-ipsk-freeradius/

KarstenI
Kind of a big deal

FreeRADIUS can definitely be used as a RADIUS server. But without any information, it is impossible to help.

  1. Is your SSID already configured for Enterprise Authentication?
  2. Do the clients already see the SSID?
  3. Are users asked for a username/password?
  4. What Log do you see in the dashboard, and on the RADIUS-Server?
KH
Meraki Employee

Hey @mglowac5

I definitely agree with @KarstenI here about needing more information. What exactly isn't working to start, are clients failing authentication or is there not even a Radius packet exchange to begin with? Do you need help with the actual Radius server configuration, or are you able to connect and just not get any kind of connectivity?

PhilipDAth
Kind of a big deal

mglowac5
Conversationalist

1. Thanks for the PDF. I'll try it out tomorrow.

I have entered Freeradius as an SSID: (MAC-based access control (no encryption)
RADIUS server is requested when establishing a connection), with port 1812.

I can enter clients in Freeradius - and the connection works. Clients that are not entered - can't connect.
No password required, authorization only via the MAC address.

So that works.

But the connection is not encrypted. I can't get the connection to be encrypted. That's my problem.

KarstenI
Kind of a big deal

Well, if you choose "no encryption", you get no encryption ...

You need either "Enterprise with my RADIUS Server" or "iPSK with RADIUS" as the Security option depending on your needs.

mglowac5
Conversationalist

And I'm stuck. If I use iPSK or Enterprise, I can no longer access the network.
SSID is displayed, but every combination of password or user name fails.
I would like to do it with iPSK. But unfortunately it doesn't work.

KarstenI
Kind of a big deal

Look at this blog post:

https://goodwi.fi/posts/2024/04/meraki-ipsk-freeradius/

GIdenJoe
Kind of a big deal

Are you doing wifi on your MX67 or on an MR access point? I don't think the MX has an iPSK option; it can only do pre-shared key or dot1x with "my radius server".

If you're talking about an MR access point then you do have multiple options. Judging from your initial post, the setup you need in dashboard is the WPA enterprise with "my radius server", and then you can fill in your radius server data below (IP for the radius server, port 1812 and a shared secret which needs to match your radius clients config in freeradius).

When you try an authentication please try to take a pcap to see the various attributes being sent by the AP or MX and see what the response is from the radius server.

mglowac5
Conversationalist

Hello everyone,
Thanks for these instructions. That's it. Tunnel password. I haven't read anything about it anywhere. But that's how it works with iPSK and an encrypted connection and authentication via MAC.

Thank you very much!
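
An added example, not part of any post in this thread: following the pcap advice and the Tunnel-Password finding above, this Python code parses a captured RADIUS Access-Accept and decrypts its Tunnel-Password attribute as defined in RFC 2868, so you can confirm which PSK FreeRADIUS actually returns. The shared secret, authenticator and PSK below are constructed sample values; `req_auth` stands for the Authenticator field of the matching Access-Request.

```python
import hashlib
import struct

ACCESS_ACCEPT = 2      # RFC 2865 packet code
TUNNEL_PASSWORD = 69   # RFC 2868 attribute type

def _xor_chain(data, secret, seed, decrypt):
    """RFC 2868 sec. 3.5 chaining: pad_i = MD5(secret + previous ciphertext block)."""
    out, prev = b"", seed
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res
    return out

def encode_tunnel_password(psk, secret, req_auth, salt=b"\x80\x01"):
    plain = bytes([len(psk)]) + psk
    plain += b"\x00" * (-len(plain) % 16)
    value = b"\x00" + salt + _xor_chain(plain, secret, req_auth + salt, False)
    return bytes([TUNNEL_PASSWORD, len(value) + 2]) + value

def parse_attributes(packet):
    """Return (code, [(type, value), ...]) after validating the length fields."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, attrs

def ipsk_from_accept(packet, secret, req_auth):
    """Decrypt the PSK from an Access-Accept, or None if no Tunnel-Password is present."""
    code, attrs = parse_attributes(packet)
    for atype, value in attrs:
        if code == ACCESS_ACCEPT and atype == TUNNEL_PASSWORD and len(value) >= 19:
            plain = _xor_chain(value[3:], secret, req_auth + value[1:3], True)
            return plain[1:1 + plain[0]]
    return None

# Constructed sample (made-up values); encode_tunnel_password exists only to build it.
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
ATTR = encode_tunnel_password(b"device-psk-01", SECRET, REQ_AUTH)
SAMPLE_ACCEPT = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(ATTR)) + bytes(16) + ATTR
```

A `None` result on a real capture means the Access-Accept carried no Tunnel-Password; a garbled result usually means the shared secret does not match the one in the FreeRADIUS client entry.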
