Meraki

Community

Wireless 802.1X with RADIUS migration questions

Solved
ToryDav
Building a reputation
‎Jan 11 2021 12:13 PM
‎Jan 11 2021 12:13 PM

Wireless 802.1X with RADIUS migration questions

Hello,

I have a question and will provide this diagram for reference:

 

ToryDav_2-1610395629383.png


I am planning to move a clients access points onto the new management network being setup. I successfully migrated all the switches on to static IPs in VLAN 10 already. When I went to migrate the Access Points, I ran into some problems. I know I can make the AP ports on the MDF-STACK a trunk port, native vlan 99 and tag VLAN 10 for the clients. I have tested and validated this will work. 

However this client is using RADIUS authentication on the wireless SSID. The server is in a datacenter VLAN (1) with subnet 192.168.10.91. Today the AP is on the Data (PC) Vlan with a static ip (see above). I want it to migrate onto the management subnet reserved for infastructure devices, and assign clients to the DATA VLAN using bridge mode and VLAN tagging. 

What considerations around the RADIUS authentication should we consider? I have all the suggested rules enabled on the firewall. https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

Should I be using the RADIUS override on the SSID and have them configure VLAN tags on the messages send from the radius server? 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 11 2021 12:19 PM
‎Jan 11 2021 12:19 PM

The RADIUS server will need the new management subnet added for the APs to be recognised as clients to it.

 

I would choose the simplest configuration.  If all users on an SSID will go on the same VLAN then configure the VLAN on the SSID rather than in RADIUS.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 11 2021 12:19 PM
‎Jan 11 2021 12:19 PM

The RADIUS server will need the new management subnet added for the APs to be recognised as clients to it.

 

I would choose the simplest configuration.  If all users on an SSID will go on the same VLAN then configure the VLAN on the SSID rather than in RADIUS.

In response to PhilipDAth
ToryDav
Building a reputation
‎Jan 11 2021 4:03 PM
‎Jan 11 2021 4:03 PM

@PhilipDAth Just to confirm that I am following you -- 

If users using RADIUS on Data VLAN (Same subnet), configure that VLAN under VLAN tagging on bridge mode under the SSID?

But in that configuration that you mention, am I still able to move the access point onto the management vlan, while having the clients on the data vlan?




0 Kudos
In response to ToryDav
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 11 2021 4:18 PM
‎Jan 11 2021 4:18 PM

Yes.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.