Meraki

Community

About Complit

Re: Azure AD authentication on Meraki WiFi

by in Wireless
‎Mar 3 2025 11:08 PM
‎Mar 3 2025 11:08 PM
Hi, with Wiflex, this process is seamless. When a user leaves the company, their PSK is automatically deleted. Users can easily obtain their personal PSK by logging into a portal using their Entra ID. Additionally, you can assign different rights (VLAN/group policies) based on their Azure group memberships. Already running in a lot larger environments. https://wiflex.eu/wifionboarder-gsuite-azure/ ... View more

Re: Integration with ppsk-kiosk.com or similar

by in Wireless
‎Oct 23 2023 1:48 AM
‎Oct 23 2023 1:48 AM
https://wiflex.eu is an alternative for PPSK kiosk that integrates with Meraki. They also have visitor registration and BYOD (connection with Azure en Google Workspace) based on Ipsk. ... View more

Re: iPSK Configuration with Microsoft NPS

by in Wireless
‎May 26 2020 4:42 AM
‎May 26 2020 4:42 AM
Indeed look very promising. But I hope they well increase the number of allowed unique psk's. To give an example: Mist can do 5000 and Cisco Meraki 50. But it is a nice start! ... View more

Re: iPSK Configuration with Microsoft NPS

by in Wireless
‎May 26 2020 2:00 AM
‎May 26 2020 2:00 AM
In beta version 27.1 you have the feature IPSK without radius. Very interesting. But I don't like the limit of 50 unique psk's per ssid.    https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_Without_RADIUS ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 21 2020 2:30 AM
‎Feb 21 2020 2:30 AM
In the coming weeks. But don't know the exact date. ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 20 2020 10:39 AM
‎Feb 20 2020 10:39 AM
I had a call with an SE from Meraki. Probably it is a bug. They are investigating this issue. They also mentioned that there will be lauched an ipsk feature without Radius. Just what I need 😄 ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 19 2020 6:33 AM
‎Feb 19 2020 6:33 AM
Thanks a lot. I think I'm almost there.   Freeradius return accept-accept but Meraki is rejecting it. Feb 19 15:22:04 complit-PC 802.11 disassociation unspecified reason Feb 19 15:21:59 complit-PC WPA deauthentication radio: 1, vap: 3, client_mac: 28:16:AD:CA:F3:6E  « hide aid 1404825037 Feb 19 15:21:59 complit-PC RADIUS authentication resp: reject Feb 19 15:21:59 complit-PC 802.11 association channel: 108, rssi: 15 Feb 19 15:11:57 complit-PC 802.11 disassociation unspecified reason Feb 19 15:11:52 complit-PC WPA deauthentication radio: 1, vap: 3, client_mac: 28:16:AD:CA:F3:6E  more » Feb 19 15:11:52 complit-PC 802.11 association channel: 108, rssi: 15 Feb 19 15:11:52 complit-PC RADIUS authentication resp: reject     output freeradius:   (0) Received Access-Request Id 4 from 10.10.0.107:32978 to 10.10.0.5:1812 length 221 (0) User-Name = "2816adcaf36e" (0) User-Password = "2816adcaf36e" (0) NAS-IP-Address = 10.10.0.107 (0) Called-Station-Id = "EE-55-2D-F2-EA-CA:Meraki-Wiflex" (0) NAS-Port-Type = Wireless-802.11 (0) Attr-26.29671.2 = 0x436f6d706c69742d747269616c202d20776972656c657373 (0) Attr-26.29671.3 = 0x4d6572616b694170436f6d706c6974 (0) Calling-Station-Id = "28-16-AD-CA-F3-6E" (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) Message-Authenticator = 0x8d3a513504ca2a031fa69f69d3246684 (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "2816adcaf36e", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> 2816adcaf36e (0) sql: SQL-User-Name set to '2816adcaf36e' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '2816adcaf36e' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '2816adcaf36e' ORDER BY id (0) sql: User found in radcheck table (0) sql: Conditional check items matched, merging assignment check items (0) sql: Cleartext-Password := "2816adcaf36e" (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = '2816adcaf36e' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '2816adcaf36e' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = '2816adcaf36e' ORDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '2816adcaf36e' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (1) Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.29-0ubuntu0.18.04.1, protocol version 10 (0) [sql] = ok (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = PAP (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known good" Cleartext-Password (0) pap: User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok (0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated (0) } # update = noop (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (2) (0) sql: EXPAND %{User-Name} (0) sql: --> 2816adcaf36e (0) sql: SQL-User-Name set to '2816adcaf36e' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '2816adcaf36e', '2816adcaf36e', 'Access-Accept', '2020-02-19 14:21:59') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '2816adcaf36e', '2816adcaf36e', 'Access-Accept', '2020-02-19 14:21:59') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (2) (0) [sql] = ok (0) [exec] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # post-auth = ok (0) Sent Access-Accept Id 4 from 10.10.0.5:1812 to 10.10.0.107:32978 length 0 (0) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 4 with timestamp +17 Ready to process requests   If I have a look at the radpostauth table I get: | 7 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 13:33:05 | | 8 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 14:11:52 | | 9 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 14:21:59 | ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 18 2020 5:46 AM
‎Feb 18 2020 5:46 AM
Thanks again. I'm totally new to Freeradius. So we need to tell freeradius to use a database instead of the configuration file? I will try to use mysql and find a way to import the users into mysql from our system. Let's google :-D. If you have any interesting documentation, you may always post it :-D. Do you know why Meraki/Cisco chose to create unique psk's based on radius server instead of a solution like Aerohive/Ruckus? ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 18 2020 1:43 AM
‎Feb 18 2020 1:43 AM
You hero! Now it's working. I think Meraki need to update there documentation :-D.    The only thing I need to figure out is how I can create new ipsk's by api's on the freeradius server. We are trying to create a BYOD solution where users can onboard themself by logging in with their AzureAD/Offfice365/Gsuiste credentials and get an IPSK in the right vlan. Vlan is based on the security group in Azure AD/Office365/Gsuite. If they leave the organisation we will delete the ipsk.     ... View more

Re: Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 18 2020 12:59 AM
‎Feb 18 2020 12:59 AM
Thanks a lot guys!!!! Was very helpfull.   Now the default password is working as ipsk. But my user ipsk is still not working. Freeradius is starting good. Any idea what I can check? ... View more

Problems with setting up Freeradius for iPSK

by in Wireless
‎Feb 17 2020 4:43 AM
1 Kudo
‎Feb 17 2020 4:43 AM
1 Kudo
Dear,   I installed a Ubuntu server and installed freeradius on it. Freeradius is starting as expected.   But when I follow the steps of the topic: https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication   I get error messages when I start freeradius after I changed the users file.   Users file:     Error message:   Can someone help me with this? I'm new to freeradius. ... View more

Re: Azure AD authentication on Meraki WiFi

by in Wireless
‎Feb 9 2020 12:18 AM
‎Feb 9 2020 12:18 AM
I would not recommend using a splash portal (open ssid) for corporate users. We are looking into a solution with ipsk and Azure. I'll keep you up to date. ... View more

You are being redirected

by in Developers & APIs
‎Jun 4 2018 1:31 AM
‎Jun 4 2018 1:31 AM
Probably a stupid question :-D.   I want to get all the clients on the network. My script is working but I get the sentence "You are being redirected" instead of an array with the data. If I click on the link behind "Redirected" I get all the data. But I need this info for my script. Any help would be great. My code: <?php $request = new HttpRequest(); $request->setUrl('https://api.meraki.com/api/v0/devices/SERIALNUMBER/clients'); $request->setMethod(HTTP_METH_GET); $request->setQueryData(array(   'timespan' => '84000' )); $request->setHeaders(array(   'postman-token' => '7187e3f4-f792-c5f6-da1e-73e51253767d',   'cache-control' => 'no-cache',   'x-cisco-meraki-api-key' => 'api key' )); try {   $response = $request->send();   echo $response->getBody(); } catch (HttpException $ex) {   echo $ex; } ... View more
Labels:
My Top Kudoed Posts
© 2025 Cisco Systems, Inc.