Re: Org-level RADIUS Server - Open discussion

Raphael_L · ‎11-02-2023

Hi ,

This is an open discussion about the new EA Feature : Org-level RADIUS Server

(https://community.meraki.com/t5/Feature-Announcements/Public-Preview-Org-level-RADIUS-Server/ba-p/214187)

Documentation is properly attached . Bonus points !
Seems to have broken some Access Policy related API. Waiting confirmation on that
User input validation seems broken

Existing Access Policy now includes a new UI :

The mix of 'new' UI and 'old' UI is a bit odd.
Old Access Policy now display a 'show secret' button. That button is not displaying my current Secret. So I have no idea what it is showing

So here is my initial feedback 🙂

PS : Love the idea and the feature but still dislike the way to inform of bugs / feedback. The "give feedback button" is not event present on that page , and unsure if someone is really looking at that anyway.

Cheers !

Raphael_L · ‎11-02-2023

Open question : If you change one or all RADIUS server IPs , should we expect a Org-Wide re-auth on all ports configured with an access policy ?

Eg : I'm migrating my RADIUS from 10.1.1.1 to 10.2.2.2. I do the change Org-Wide. What is the expected behavior ?

My initial thoughts : Nothing happens until there's a re-auth or new auth on the ports using that access policy. Am I right ?

Karsten Iwen · ‎11-02-2023

Only for Switches??? Ok ... This is a feature I have hoped for since day 1. But wireless would be more important. For your question, I would expect the existing sessions to stay active until reauth or a button "reauth now" is pressed (either on the dashboard or on the RADIUS server).

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Raphael_L · ‎11-02-2023

Yes I hope this get ported to MR !

The only reason I'm asking is because editing ports/access policy on MX forces a re-auth of all ports. I was worried a bit about that part but it seems that you are right. I have to do more testing

Edit : And MS too ? https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

As of MS 9.16, changes to an existing access policy will cause a port-bounce on all ports configured for that policy.

Philip D'Ath · ‎11-02-2023

> If you change one or all RADIUS server IPs

Does it result in a re-auth if you change the RADIUS server IP address at the current network level?

Raphael_L · ‎11-02-2023

Per documentation .. yes

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

As of MS 9.16, changes to an existing access policy will cause a port-bounce on all ports configured for that policy.

But I have to try it first. That message seems really old. 9.16 , I don't even remember the bugs from that version haha !

Raphael_L · ‎11-07-2023

Update from my case : Hi Raphael. The behavior in question is no longer present.

So changing the Radius settings Org-wide ( or network-wide ) shouldn't bounce the configured ports.

Ryan_Miles · ‎11-02-2023

MR will come later

CMR · ‎11-03-2023

+1 for MR please 🙂

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Jeff Longley · ‎06-19-2025

Any update on when?

bhilgenkamp2023 · ‎02-12-2024

Is it possible to reference these global RADIUS servers when creating an access policy via API? I'm not seeing a way to use the createNetworkSwitchAccessPolicy operation to link to these global servers.

Raphael_L · ‎02-12-2024

I'm afraid it is not possible at the moment.