Wireless RADIUS concentrator

Billy3
Community Member

I have a network consisting of a few sites connected through VPN (Hub/Spoke) with several access points and I want to provide certificate based authentication for a specific SSID through the NPS server.

Having to configure several IPs as a source on the NPS server is quite time-consuming; enabling Meraki's RADIUS proxy and exposing the server to the internet is definitely not the best option; and using a Wireless Concentrator and driving all of the wireless traffic to a single point would result in non-optimal bandwidth utilization.

Is there any way, or are there any plans to implement a way, of using a single source for all those RADIUS requests? The ability to configure one of the MX devices as a RADIUS proxy would be a nice feature.

1 Accepted Solution


Philip D'Ath
Meraki Community All-Star

If you are using an NPS server as a remote proxy for the additional SSID, then all those requests will come from one IP address - that of the remote NPS proxy server.


Philip D'Ath
Meraki Community All-Star

Did you know you can specify a prefix instead of an individual IP address in NPS? For example, you can use 192.168.0.0/16 to represent a huge number of access points - with a single client entry.


@Philip D'Ath wrote:

Did you know you can specify a prefix instead of an individual IP address in NPS? For example, you can use 192.168.0.0/16 to represent a huge number of access points - with a single client entry.


The certificate based authentication is tested and works, however I'd rather not go with a generic /16 definition as a source.

Furthermore, there is an additional SSID that authenticates in NPS servers that I don't manage and pass through firewalls that I also don't manage (merged companies). From a security compliance perspective, there's no way that a /16 definition would be accepted.
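Added example (not part of any post in this thread): one way to size prefix-based RADIUS client entries more tightly than a /16 is to compute, per site, the smallest prefix that covers the access points and fall back to exact entries when that prefix would admit too many non-AP addresses. The site names, AP addresses and the `max_unused` threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: AP management IPs per site (assumption).
SITE_APS = {
    "hub": ["192.168.10.11", "192.168.10.12", "192.168.10.13", "192.168.10.14"],
    "spoke-1": ["192.168.20.5", "192.168.20.6"],
    "spoke-2": ["192.168.30.20"],
    "spoke-3": ["192.168.40.10", "192.168.40.200"],
}

def covering_prefix(addrs):
    """Smallest single IPv4 prefix containing every address in addrs."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ips), max(ips)
    # Every bit where lo and hi differ has to be a host bit of the prefix.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)

def client_entries(site_aps, max_unused=8):
    """Return (site, prefix, unused) tuples, one per RADIUS client entry.

    'unused' counts addresses inside the prefix that are not known APs,
    i.e. extra sources the entry would also accept. max_unused is a
    hypothetical policy threshold, not an NPS setting.
    """
    entries = []
    for site, addrs in sorted(site_aps.items()):
        unique = set(addrs)
        net = covering_prefix(unique)
        unused = net.num_addresses - len(unique)
        if unused <= max_unused:
            entries.append((site, str(net), unused))
        else:
            # Too broad: emit exact entries, merged only where contiguous.
            hosts = [ipaddress.ip_network(a) for a in unique]
            for n in ipaddress.collapse_addresses(hosts):
                entries.append((site, str(n), 0))
    return entries

if __name__ == "__main__":
    total_aps = sum(len(set(a)) for a in SITE_APS.values())
    for site, prefix, unused in client_entries(SITE_APS):
        print(f"{site:8} {prefix:18} non-AP addresses admitted: {unused}")
    slash16 = ipaddress.ip_network("192.168.0.0/16")
    print("192.168.0.0/16 would admit", slash16.num_addresses - total_aps, "non-AP addresses")
```
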

Philip D'Ath
Meraki Community All-Star

If you are using an NPS server as a remote proxy for the additional SSID, then all those requests will come from one IP address - that of the remote NPS proxy server.

Philip D'Ath
Meraki Community All-Star

Also did you know if you use Systems Manager you can have it deploy a certificate automatically on each machine, for certificate based authentication, and you don't even need NPS? Considering how cheap Systems Manager is - this is quite a good option. WiFi authentication is no longer dependent on any of your infrastructure.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Certificate-based_WiFi_authentication_with_Systems_Manager_and_Meraki_APs
