Meraki setup for RadSec
Setting up a Meraki equipment to work with Foxpass RadSec
You must use Meraki Firmware 31.1.1 or later. 30.6 has a known bug whereby RadSec will not attempt a connection
Foxpass RadSec allows a RADIUS connection via TLS for an additional layer of security. This setup guide will help you configure Meraki equipment with Foxpass RadSec.
Configure Meraki
- Download RadSec Server CA from the Foxpass RadSec page.
![Download RadSec Server CA](https://files.readme.io/1a4c70d-Screenshot_2024-02-14_at_11.37.46_AM.png)
Download RadSec Server CA
- In the Meraki dashboard, go to Organization --> Certificates
![Click Certificates](https://files.readme.io/74f6e31-image_1.png)
Click Certificates
- In the top right section, click "Upload CA certificate" and upload the RadSec server CA downloaded in Step 1.
![Upload RadSec Server CA](https://files.readme.io/fd18afa-image_2.png)
Upload RadSec Server CA
- In the bottom right section, click the “Download CA” button. (If the "Download CA" button isn't there, chose "Generate CA" (this might take a while) and then choose "Trust".)
![Trust CA](https://files.readme.io/d5f4bf0-Screenshot_2024-05-30_at_9.52.12_AM.png)
Trust CA
![](https://files.readme.io/1d4a1f5-Screenshot_2024-05-30_at_9.52.23_AM.png)
- Go to Foxpass RadSec page now. Click "Upload Customer Client CA" button.
![](https://files.readme.io/3f50716-Screenshot_2024-02-14_at_11.47.12_AM.png)
- Upload the Meraki CA downloaded in Step 4.
![Upload Meraki CA](https://files.readme.io/4cf20c9-Screenshot_2024-02-14_at_11.50.05_AM.png)
Upload Meraki CA
![Sample uploaded Client CA](https://files.readme.io/bbc029e-Screenshot_2024-02-14_at_11.51.23_AM.png)
Sample uploaded Client CA
Configure SSID for RadSec
Go to Wireless > Configure > Access control. For your SSID:
- SSID (name) - Your SSID name
- SSID status - Enabled
- Enterprise with - my RADIUS server
![Configure SSID](https://files.readme.io/7480ac9-Screenshot_2024-05-30_at_10.44.38_AM.png)
Configure SSID
-
Wi-Fi Personal Network (WPN) - Disabled
-
WPA encryption - WPA2 only
-
802.11w - Disabled
-
Mandatory DHCP - Disabled
-
For RADIUS servers:
- Host IP - radius.foxpass.com
- Port - 2083
- Secret - 'radsec' (it’s always ‘radsec’)
- Check box under RadSec.
- Do not press the 'Test' button. It doesn't support RadSec.
- Click Done.
![Add server](https://files.readme.io/342cc10-Screenshot_2024-05-30_at_10.48.56_AM.png)
Add server
- Now connect to your SSID.
![](https://files.readme.io/953358a-Screenshot_2024-05-30_at_10.28.54_AM.png)
![Connected to SSID](https://files.readme.io/ff4b09a-Screenshot_2024-05-30_at_10.29.14_AM.png)
Connected to SSID
- You can see successful/unsuccessful logs on the radius logs page.
![RADIUS logs](https://files.readme.io/8cdeba8-Screenshot_2024-05-30_at_10.54.00_AM.png)
RADIUS logs
Updated about 2 months ago