Meraki setup
Setting up Meraki RADIUS with Foxpass
Most Foxpass customers use wireless access products by Cisco's Meraki. You are in good hands.
The Meraki setup is very straight-forward.
1. Set your Foxpass password
In Foxpass, go to the "Password" settings page and enter a password.
2. Create a "RADIUS Client" entry on Foxpass
Visit this page: https://console.foxpass.com/settings/radius/. Create a RADIUS client for this site's public IP address.
Note the secret that was generated.
Then click on the "RADIUS Servers" tab on that page and note our RADIUS IP addresses (EAP-TTLS at the bottom, EAP-TLS at the top) and the "secret" that was created for that entry.
3. Configure SSID
- In your Meraki dashboard, create a new SSID called (e.g.) "Foxpass Test".
- Select Enterprise with my RADIUS server.
- Select WPA2 only or WPA3 only for WPA Encryption as per your use case.
- Add 2 radius servers(noted from step 2). Port is 1812. Secret is copied from the radius settings page. Be sure to set up both of our RADIUS IP address, as one or the other may be down for maintenance. Don't forget to put in your RADIUS secret; it will be the same for both entries. Click Save.
4. Don't push the test button!
This is very counter-intuitive. But even when the RADIUS servers are set up properly, the "Test" button on the Meraki Dashboard will not work.
If you want to know why, see down below.
5. Try it out
For EAP-TTLS connection on your device, select and follow appropriate documentation link under wi-fi connections and then try to connect.
To connect to your new network, enter your username and password.
For EAP-TLS connection on your device, select and follow appropriate documentation link under EAP-TLS and then try to connect.
Why the test button doesn't work.
Here's why: Foxpass uses the most secure version of RADIUS that is available. That is called EAP-TTLS-PAP, which encapsulates login information inside of an SSL connection.
The "Test" button does not support EAP-TTLS-PAP, and instead assumes a less secure protocol. This doesn't matter, though, because ultimately the authentication conversation happens between a user's phone / laptop and the RADIUS server directly (the Access Point merely connects the two).
Android, Linux, Windows 8, and Windows 10 all support TTLS-PAP natively.
macOS and iOS will support TTLS-PAP with the addition of a config file, which Foxpass will generate for you.
Windows 7 is not supported, but will probably work if the computer has the Intel wireless chipset and Intel drivers installed.
Troubleshooting Steps
- Verify RADIUS Client Entry: Ensure the RADIUS client is correctly created on the RADIUS settings page in Foxpass with the proper public IP address.
- Check RADIUS Server Configuration: Confirm the RADIUS server IP addresses and secrets are accurately configured in the Cisco Meraki dashboard. For EAP-TTLS, RADIUS Servers and for EAP-TLS, EAP-TLS enabled RADIUS Servers are correctly noted from the RADIUS Settings page.
- Check RADIUS logs page for any errors.
Updated 3 months ago