Meraki setup for RadSec

Setting up a Meraki equipment to work with Foxpass RadSec

🚧

You must use Meraki Firmware 31.1.1 or later. 30.6 has a known bug whereby RadSec will not attempt a connection

Foxpass RadSec allows a RADIUS connection via TLS for an additional layer of security. This setup guide will help you configure Meraki equipment with Foxpass RadSec.

Configure Meraki

  1. Download RadSec Server CA from the Foxpass RadSec page.
Download RadSec Server CA

Download RadSec Server CA

  1. In the Meraki dashboard, go to Organization --> Certificates
Click Certificates

Click Certificates

  1. In the top right section, click "Upload CA certificate" and upload the RadSec server CA downloaded in Step 1.
Upload RadSec Server CA

Upload RadSec Server CA

  1. In the bottom right section, click the “Download CA” button. (If the "Download CA" button isn't there, chose "Generate CA" (this might take a while) and then choose "Trust".)
Trust CA

Trust CA

  1. Go to Foxpass RadSec page now. Click "Upload Customer Client CA" button.
  1. Upload the Meraki CA downloaded in Step 4.
Upload Meraki CA

Upload Meraki CA

Sample uploaded Client CA

Sample uploaded Client CA

Configure SSID for RadSec

Go to Wireless > Configure > Access control. For your SSID:

  • SSID (name) - Your SSID name
  • SSID status - Enabled
  • Enterprise with - my RADIUS server
Configure SSID

Configure SSID

  • Wi-Fi Personal Network (WPN) - Disabled

  • WPA encryption - WPA2 only

  • 802.11w - Disabled

  • Mandatory DHCP - Disabled

  • For RADIUS servers:

    1. Host IP - radius.foxpass.com
    2. Port - 2083
    3. Secret - 'radsec' (it’s always ‘radsec’)
    4. Check box under RadSec.
    5. Do not press the 'Test' button. It doesn't support RadSec.
    6. Click Done.
Add server

Add server

  • Now connect to your SSID.
Connected to SSID

Connected to SSID

  • You can see successful/unsuccessful logs on the radius logs page.
RADIUS logs

RADIUS logs