The Meraki Community
About Complit

Complit
Getting noticed

Member since Jun 4, 2018
01-09-2021

Groups
  • API Early Access Group
    545

Kudos from
User Count
KRobert 1
PhilipDAth (Kind of a big deal) 2
davidvan (Meraki Alumni (Retired)) 1
kYutobi 1
wbenton 1

Kudos given to
User Count
CptnCrnch (Kind of a big deal) 4
PhilipDAth (Kind of a big deal) 1

Community Record
24 Posts
9 Kudos
0 Solutions

Badges
  • Meraki360
  • 1st Birthday
  • First 5 Posts
  • Lift-Off

Latest Contributions by Complit

Re: iPSK - 26.5+

by Complit in Wireless LAN
01-09-2021 10:26 AM
For byod purposes it brings a lot more work. You need to set up a free radius server and all your employees need to give in the mac addresses of all their devices + need to deactivate the mac randomisation. I see a lot of support tickets :-D.

I don't understand why they limit the ipsk without mac to 50.

Other vendors can do 5000 or unlimited.

We have a solution linked to Azure/Office365 and Google Gsuite. They log in, they get an ipsk/ppsk/dpsk in the right vlan. If they leave the company we delete the ipsk/ppsk/dpsk. For easy onboarding we also create a qr code.

Re: iPSK - 26.5+

by Complit in Wireless LAN
01-09-2021 10:10 AM
The problem with ipsk and radius is that you need to assign a mac address to it. This can give a lot of problems with the mac randomisation that is standard on the latest versions of Android and iOS.

Identity api's not working anymore?

by Complit in Developers & APIs
06-12-2020 12:52 AM
We are integrating Meraki on our Wiflex solution but it seems there are problems with these api's? Do you know when this will be fixed? Yesterday everything was working.
Labels: Dashboard API

Re: iPSK - 26.5+

by Complit in Wireless LAN
05-27-2020 01:46 AM
1 Kudo
You could also use it for big companies, schools, healthcare (room area networks), ... We have created a solution (https://wiflex.eu) for onboarding employees based on Azure/Office365/Gsuite and unique psk's. We can dynamically assign vlans based on the security group in Azure/Office365/Gsuite. And if they leave the company we delete the unique psk password. You can use this also for big companies.

More and more companies and schools are moving to the cloud so they don't have any in house servers, so also no radius server. And the cloud radius solutions are very expensive.

And what about big iot deployments? 50 is not a lot.

We also have secure guest solutions where we need way more than 50 unique psk's.

Re: iPSK Configuration with Microsoft NPS

by Complit in Wireless LAN
05-26-2020 04:42 AM
Indeed, it looks very promising. But I hope they will increase the number of allowed unique psk's. To give an example: Mist can do 5000 and Cisco Meraki 50. But it is a nice start!

Re: Identity PSK

by Complit in Wireless LAN
05-26-2020 02:01 AM
1 Kudo
Also available without radius: https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_Without_RADIUS

Re: iPSK - 26.5+

by Complit in Wireless LAN
05-26-2020 02:00 AM
1 Kudo
In beta version 27.1 you have the feature IPSK without radius. Very interesting. But I don't like the limit of 50 unique psk's per ssid.

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_Without_RADIUS

Re: iPSK Configuration with Microsoft NPS

by Complit in Wireless LAN
05-26-2020 02:00 AM
In beta version 27.1 you have the feature IPSK without radius. Very interesting. But I don't like the limit of 50 unique psk's per ssid.

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_Without_RADIUS

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-21-2020 02:30 AM
In the coming weeks. But don't know the exact date.

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-20-2020 10:39 AM
I had a call with an SE from Meraki. Probably it is a bug. They are investigating this issue. They also mentioned that there will be launched an ipsk feature without Radius. Just what I need 😄

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-19-2020 06:33 AM
Thanks a lot. I think I'm almost there.

Freeradius returns accept-accept but Meraki is rejecting it.

Feb 19 15:22:04 complit-PC 802.11 disassociation unspecified reason
Feb 19 15:21:59 complit-PC WPA deauthentication radio: 1, vap: 3, client_mac: 28:16:AD:CA:F3:6E aid 1404825037
Feb 19 15:21:59 complit-PC RADIUS authentication resp: reject
Feb 19 15:21:59 complit-PC 802.11 association channel: 108, rssi: 15
Feb 19 15:11:57 complit-PC 802.11 disassociation unspecified reason
Feb 19 15:11:52 complit-PC WPA deauthentication radio: 1, vap: 3, client_mac: 28:16:AD:CA:F3:6E
Feb 19 15:11:52 complit-PC 802.11 association channel: 108, rssi: 15
Feb 19 15:11:52 complit-PC RADIUS authentication resp: reject

output freeradius:

(0) Received Access-Request Id 4 from 10.10.0.107:32978 to 10.10.0.5:1812 length 221
(0) User-Name = "2816adcaf36e"
(0) User-Password = "2816adcaf36e"
(0) NAS-IP-Address = 10.10.0.107
(0) Called-Station-Id = "EE-55-2D-F2-EA-CA:Meraki-Wiflex"
(0) NAS-Port-Type = Wireless-802.11
(0) Attr-26.29671.2 = 0x436f6d706c69742d747269616c202d20776972656c657373
(0) Attr-26.29671.3 = 0x4d6572616b694170436f6d706c6974
(0) Calling-Station-Id = "28-16-AD-CA-F3-6E"
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) Message-Authenticator = 0x8d3a513504ca2a031fa69f69d3246684
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "2816adcaf36e", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql: --> 2816adcaf36e
(0) sql: SQL-User-Name set to '2816adcaf36e'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '2816adcaf36e' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '2816adcaf36e' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql: Cleartext-Password := "2816adcaf36e"
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = '2816adcaf36e' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '2816adcaf36e' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = '2816adcaf36e' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '2816adcaf36e' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (1)
Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.29-0ubuntu0.18.04.1, protocol version 10
(0) [sql] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = updated
(0) } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: User authenticated successfully
(0) [pap] = ok
(0) } # Auth-Type PAP = ok
(0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(0) post-auth {
(0) update {
(0) No attributes updated
(0) } # update = noop
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND %{User-Name}
(0) sql: --> 2816adcaf36e
(0) sql: SQL-User-Name set to '2816adcaf36e'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '2816adcaf36e', '2816adcaf36e', 'Access-Accept', '2020-02-19 14:21:59')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '2816adcaf36e', '2816adcaf36e', 'Access-Accept', '2020-02-19 14:21:59')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
(0) [sql] = ok
(0) [exec] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # post-auth = ok
(0) Sent Access-Accept Id 4 from 10.10.0.5:1812 to 10.10.0.107:32978 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 4 with timestamp +17
Ready to process requests

If I have a look at the radpostauth table I get:

| 7 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 13:33:05 |
| 8 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 14:11:52 |
| 9 | 2816adcaf36e | 2816adcaf36e | Access-Accept | 2020-02-19 14:21:59 |

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-18-2020 05:46 AM
Thanks again. I'm totally new to Freeradius. So we need to tell freeradius to use a database instead of the configuration file? I will try to use mysql and find a way to import the users into mysql from our system. Let's google :-D. If you have any interesting documentation, you may always post it :-D. Do you know why Meraki/Cisco chose to create unique psk's based on radius server instead of a solution like Aerohive/Ruckus?

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-18-2020 01:43 AM
You hero! Now it's working. I think Meraki needs to update their documentation :-D.

The only thing I need to figure out is how I can create new ipsk's by api's on the freeradius server. We are trying to create a BYOD solution where users can onboard themselves by logging in with their AzureAD/Office365/Gsuite credentials and get an IPSK in the right vlan. Vlan is based on the security group in Azure AD/Office365/Gsuite. If they leave the organisation we will delete the ipsk.

Re: Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-18-2020 12:59 AM
Thanks a lot guys!!!! Was very helpful.

Now the default password is working as ipsk. But my user ipsk is still not working. Freeradius is starting good. Any idea what I can check?

Problems with setting up Freeradius for iPSK

by Complit in Wireless LAN
02-17-2020 04:43 AM
1 Kudo
Dear,

I installed an Ubuntu server and installed freeradius on it. Freeradius is starting as expected.

But when I follow the steps of the topic: https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication

I get error messages when I start freeradius after I changed the users file.

Users file:

Error message:

Can someone help me with this? I'm new to freeradius.

Re: iPSK - 26.5+

by Complit in Wireless LAN
02-09-2020 01:10 PM
How is it working exactly? You create a user in freeradius and give the mac address with it. And then it returns an ipsk?

Do you know why meraki/cisco is using unique psk's based on radius instead of using the way ruckus/aerohive/cambium/mist is doing it? Then you don't need the radius.

We like to integrate the ipsk in our wiflex solution

Re: Azure AD authentication on Meraki WiFi

by Complit in Wireless LAN
02-09-2020 12:18 AM
I would not recommend using a splash portal (open ssid) for corporate users. We are looking into a solution with ipsk and Azure. I'll keep you up to date.

Create Network Meraki Auth User

by Complit in Developers & APIs
08-08-2019 04:42 AM
1 Kudo
When will it be possible to create a Splash portal login with Cisco Meraki's api's? We really need this. Thanks a lot.
Labels: Dashboard API

Re: Assign different Vpn group policies (without radius or AD)

by Complit in Developers & APIs
06-04-2018 09:57 PM
1 Kudo
That's correct, but it's the best solution you can do for the moment I think. You can restrict the default vpn profile and run the script every minute.

It would be better if Meraki let you define a group policy when you create the vpn user. I'm pretty new to Meraki and I love it. But I was really disappointed when I found out this wasn't an option.

Here are the steps of my api script:
  • Get all clients that connected last hour (api/v0/devices/)
  • If client has an ip-address in the vpn subnet, I ask more information (for example email address) with the api api/v0/networks/$network_id/clients/$mac
  • Check if the vpn has the default group policy (normal), if so I want to change this. (api/v0/networks/$network_id/clients/$mac/policy)
  • Then I assign another group policy based on the domain name of their email address. (api/v0/networks/$network_id/clients/$mac/policy)
  • In the dashboard you can assign new firewall rules to the vpn group policy you assigned. You can allow traffic from the vpn subnet to the subnet of the company

Assign different Vpn group policies (without radius or AD)

by Complit in Developers & APIs
06-04-2018 11:56 AM
2 Kudos
I was working on a project for a customer. We used a Meraki Mx for multiple companies in this project. The big problem was that all vpn clients came in the same subnet. And if all the vpn clients (from different companies) wanted to get to their resources I needed to open all subnets. Of course this is a very big security problem.

I have solved this with the Meraki api's. I look at the domain name of the email address and assign the right Group policy with only rights to the subnet of his company. Maybe this is helpful for other companies.

If you want more details you can contact me on jonas@complit.be

You are being redirected

by Complit in Developers & APIs
06-04-2018 01:31 AM
Probably a stupid question :-D.

I want to get all the clients on the network. My script is working but I get the sentence "You are being redirected" instead of an array with the data. If I click on the link behind "Redirected" I get all the data. But I need this info for my script. Any help would be great.

My code:

<?php
// Uses the HttpRequest class from the pecl_http 1.x extension
$request = new HttpRequest();
$request->setUrl('https://api.meraki.com/api/v0/devices/SERIALNUMBER/clients');
$request->setMethod(HTTP_METH_GET);

// Look back 84000 seconds for clients
$request->setQueryData(array(
  'timespan' => '84000'
));

$request->setHeaders(array(
  'postman-token' => '7187e3f4-f792-c5f6-da1e-73e51253767d',
  'cache-control' => 'no-cache',
  'x-cisco-meraki-api-key' => 'api key'
));

try {
  $response = $request->send();
  // Prints the response body as received
  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}

Labels: Dashboard API
My Top Kudoed Posts
Subject (Board): Kudos, Views

Assign different Vpn group policies (without radius or AD) (Developers & APIs): 2, 1962
Re: iPSK - 26.5+ (Wireless LAN): 1, 4944
Re: Identity PSK (Wireless LAN): 1, 1734
Re: iPSK - 26.5+ (Wireless LAN): 1, 4977
Problems with setting up Freeradius for iPSK (Wireless LAN): 1, 5061
© 2023 Meraki