Meraki setup

Setting up Meraki RADIUS with Foxpass

Most Foxpass customers use wireless access products by Cisco's Meraki. You are in good hands.

The Meraki setup is very straight-forward.

1. Set your Foxpass password

In Foxpass, go to the "Password" settings page and enter a password.

2. Create a "RADIUS Client" entry on Foxpass

Visit this page: https://console.foxpass.com/settings/radius/. Create a RADIUS client for this site's public IP address. Note the secret that was generated.

Then click on the "RADIUS Servers" tab on that page and note our RADIUS IP addresses (EAP-TTLS at the top, EAP-TLS at the bottom) and the "secret" that was created for that entry.

Locate RADIUS servers

Locate RADIUS servers

3. Configure SSID

  • In your Meraki dashboard, create a new SSID called (e.g.) "Foxpass Test".
Configure SSID in Meraki

Configure SSID in Meraki

  • Select Enterprise with my RADIUS server.
  • Select WPA2 for WPA Encryption.
Set encryption

Set encryption

  • Add 2 radius servers(noted from step 2). Port is 1812. Secret is copied from the radius settings page. Be sure to set up both of our RADIUS IP address, as one or the other may be down for maintenance. Don't forget to put in your RADIUS secret; it will be the same for both entries. Click Save.
Add RADIUS servers

Add RADIUS servers

4. Don't push the test button!

This is very counter-intuitive. But even when the RADIUS servers are set up properly, the "Test" button on the Meraki Dashboard will not work.

If you want to know why, see down below.

5. Set up your client

If you have a Mac, go to this page: https://console.foxpass.com/settings/wifi/. Create an entry for (e.g.) "Foxpass Test", download the config file and install it. To configure other operating systems for TTLS-PAP, please see the "RADIUS clients" section to the left.

6. Try it out

Connect to your new network, and enter your username and password.

Enter username and password

Enter username and password

Why the test button doesn't work.

Here's why: Foxpass uses the most secure version of RADIUS that is available. That is called EAP-TTLS-PAP, which encapsulates login information inside of an SSL connection.

The "Test" button does not support EAP-TTLS-PAP, and instead assumes a less secure protocol. This doesn't matter, though, because ultimately the authentication conversation happens between a user's phone / laptop and the RADIUS server directly (the Access Point merely connects the two).

Android, Linux, Windows 8, and Windows 10 all support TTLS-PAP natively.
macOS and iOS will support TTLS-PAP with the addition of a config file, which Foxpass will generate for you.
Windows 7 is not supported, but will probably work if the computer has the Intel wireless chipset and Intel drivers installed.