RE: [WIRELESS-LAN] Meraki AP connectivity to eduroam
Not familiar with your setup or Meraki, but in NPS you can define a Radius client at a subnetie. 192.168.1.0/24. Then define more specific Connection Request Policies and Network policies. Don’t worry, NPS is smart enough to match on the most specific radius client. Client1 – 192.168.1.0/24 Client2- 192.168.1.5 If the radius packet if from 192.168.1.5, it will match Client2. Eric Kurtz Senior Systems Engineer Office of Information Technology Susquehanna University 514 University Avenue Selinsgrove, PA 17870-1164 570.372.4537 ku...@susqu.edu<mailto:ku...@susqu.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Mark McNeil [Staff] Sent: Saturday, July 28, 2018 2:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam Thanks for the reply and suggestions. My next question would be is any using NPS as their RADIUS? I reached out to Meraki and they confirmed that defining the management IP network is the way to go with every other RADIUS except NPS. This feature apparently is not a supported feature in NPS. Has anyone encountered this issue with NPS or is no one using NPS? Is there a work around if using NPS? I appreciate all the feedback. Mark -- Forwarded message -- From: Jeffrey D . Sessler mailto:j...@scrippscollege.edu>> Date: Fri, Jul 27, 2018 at 3:19 PM Subject: Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam To: WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educause.edu> Same as others said. Define the management IP to be allowed by your radius sever and it works great. If you have a lot of locations, and less control of the management IP network e.g. it’s hanging on say a comcast network where the IP changes, the alternative is to use Meraki’s proxy radius. The APs talk to the Meraki proxy radius and the proxy radius in-turn talks with your radius. Now if only Meraki would directly peer with eduroam, then all you’d need to do is point at the proxy and be done. Jeff From: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Mark McNeil [Staff]" mailto:mcn...@fordham.edu>> Reply-To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, July 27, 2018 at 12:21 AM To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] Meraki AP connectivity to eduroam Hi everyone, I'm wondering if someone can provide a little clarity on configuring Meraki to connect to eduroam. The documentation states that " The MR's will need to be defined on the RADIUS server as RADIUS clients (consult RADIUS server documentation to complete this step). " I take this to mean that I will need to define all my AP's, in my case MR42's, in my local RADIUS. Is this correct or is there another way around this on the Meraki. I only have 33 AP's but seems there should be another way. Any help is appreciated. Thanks Mark -- Mark McNeil Director, Network Engineering and Operations Fordham University | Fordham IT Tel: 718-817-3763 Business Office: 718-817-3750 Fax: 718-817-5775 email: mcn...@fordham.edu<mailto:mcn...@fordham.edu> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122416925&sdata=zbRkOnLrAPRLbFHCaNZ3ZfYMoJZF%2B%2FczLhm11129T4g%3D&reserved=0> http://www.fordham.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122416925&sdata=zbRkOnLrAPRLbFHCaNZ3ZfYMoJZF%2B%2FczLhm11129T4g%3D&reserved=0> _ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3DaqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM%26r%3DSpuW56Gv0ljO5PHKQquxycZWXdpeoXD-65qTCRfbCJA%26m%3DUd_xnTtDxQ31wYXQRrHtNG7KWC4RlQafyKm4v58d4Co%26s%3DAx6k-IgEmnjgydhRMO2Gfj6xAzgUN7Tbz_OvYzxaxx8%26e%3D&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122426929&sdata=NwZymNzeV1IGZZU1Ba9t3LdCA3c%2BTMsGZ3kjwiyR
Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam
Thanks for the reply and suggestions. My next question would be is any using NPS as their RADIUS? I reached out to Meraki and they confirmed that defining the management IP network is the way to go with every other RADIUS except NPS. This feature apparently is not a supported feature in NPS. Has anyone encountered this issue with NPS or is no one using NPS? Is there a work around if using NPS? I appreciate all the feedback. Mark -- Forwarded message -- From: Jeffrey D . Sessler Date: Fri, Jul 27, 2018 at 3:19 PM Subject: Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam To: WIRELESS-LAN@listserv.educause.edu Same as others said. Define the management IP to be allowed by your radius sever and it works great. If you have a lot of locations, and less control of the management IP network e.g. it’s hanging on say a comcast network where the IP changes, the alternative is to use Meraki’s proxy radius. The APs talk to the Meraki proxy radius and the proxy radius in-turn talks with your radius. Now if only Meraki would directly peer with eduroam, then all you’d need to do is point at the proxy and be done. Jeff *From: *"wireless-lan@listserv.educause.edu" on behalf of "Mark McNeil [Staff]" *Reply-To: *"wireless-lan@listserv.educause.edu" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Friday, July 27, 2018 at 12:21 AM *To: *"wireless-lan@listserv.educause.edu" *Subject: *[WIRELESS-LAN] Meraki AP connectivity to eduroam Hi everyone, I'm wondering if someone can provide a little clarity on configuring Meraki to connect to eduroam. The documentation states that " *The MR's will need to be defined on the RADIUS server as RADIUS clients (consult RADIUS server documentation to complete this step).* " I take this to mean that I will need to define all my AP's, in my case MR42's, in my local RADIUS. Is this correct or is there another way around this on the Meraki. I only have 33 AP's but seems there should be another way. Any help is appreciated. Thanks Mark -- *Mark McNeil * *Director, Network Engineering and Operations* *Fordham University | Fordham IT* *Tel: 718-817-3763* *Business Office: 718-817-3750* *Fax: 718-817-5775* *email: mcn...@fordham.edu * <http://www.fordham.edu/> *http://www.fordham.edu <http://www.fordham.edu/>* _ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=SpuW56Gv0ljO5PHKQquxycZWXdpeoXD-65qTCRfbCJA&m=Ud_xnTtDxQ31wYXQRrHtNG7KWC4RlQafyKm4v58d4Co&s=Ax6k-IgEmnjgydhRMO2Gfj6xAzgUN7Tbz_OvYzxaxx8&e=>. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=SpuW56Gv0ljO5PHKQquxycZWXdpeoXD-65qTCRfbCJA&m=Ud_xnTtDxQ31wYXQRrHtNG7KWC4RlQafyKm4v58d4Co&s=Ax6k-IgEmnjgydhRMO2Gfj6xAzgUN7Tbz_OvYzxaxx8&e=>. -- *Mark McNeil * *Director, Network Engineering and Operations* *Fordham University | Fordham IT* *Tel: 718-817-3763* *Business Office: 718-817-3750* *Fax: 718-817-5775* *email: mcn...@fordham.edu * <http://www.fordham.edu/> *http://www.fordham.edu <http://www.fordham.edu/>* _ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam
Same as others said. Define the management IP to be allowed by your radius sever and it works great. If you have a lot of locations, and less control of the management IP network e.g. it’s hanging on say a comcast network where the IP changes, the alternative is to use Meraki’s proxy radius. The APs talk to the Meraki proxy radius and the proxy radius in-turn talks with your radius. Now if only Meraki would directly peer with eduroam, then all you’d need to do is point at the proxy and be done. Jeff From: "wireless-lan@listserv.educause.edu" on behalf of "Mark McNeil [Staff]" Reply-To: "wireless-lan@listserv.educause.edu" Date: Friday, July 27, 2018 at 12:21 AM To: "wireless-lan@listserv.educause.edu" Subject: [WIRELESS-LAN] Meraki AP connectivity to eduroam Hi everyone, I'm wondering if someone can provide a little clarity on configuring Meraki to connect to eduroam. The documentation states that " The MR's will need to be defined on the RADIUS server as RADIUS clients (consult RADIUS server documentation to complete this step). " I take this to mean that I will need to define all my AP's, in my case MR42's, in my local RADIUS. Is this correct or is there another way around this on the Meraki. I only have 33 AP's but seems there should be another way. Any help is appreciated. Thanks Mark -- Mark McNeil Director, Network Engineering and Operations Fordham University | Fordham IT Tel: 718-817-3763 Business Office: 718-817-3750 Fax: 718-817-5775 email: mcn...@fordham.edu<mailto:mcn...@fordham.edu> <http://www.fordham.edu/> http://www.fordham.edu<http://www.fordham.edu/> _ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam
Listening with great anticipation. We are hoping to get eduroam up and running at our remote sites — which both use Meraki.As we are not using the wireless concentrator option in Meraki, we have listed every AP in our clients file. This may be fine for now but will be burdensome if we expand our use Meraki. Regards Christina Sent from my iPhone > On Jul 27, 2018, at 05:16, Mike Atkins wrote: > > Our radius admin would define the management subnet of the Meraki APs in our > radius server configuration. > > > > > > > > ---Mike Atkins > sent from phone > >> On Jul 27, 2018, at 3:21 AM, Mark McNeil [Staff] wrote: >> >> Hi everyone, >> I'm wondering if someone can provide a little clarity on configuring >> Meraki to connect to eduroam. The documentation states that >> >> " The MR's will need to be defined on the RADIUS server as RADIUS clients >> (consult RADIUS server documentation to complete this step). " >> >> I take this to mean that I will need to define all my AP's, in my case >> MR42's, in my local RADIUS. Is this correct or is there another way around >> this on the Meraki. I only have 33 AP's but seems there should be another >> way. >> >> Any help is appreciated. >> >> Thanks >> >> Mark >> >> -- >> >> Mark McNeil >> Director, Network Engineering and Operations >> Fordham University | Fordham IT >> Tel: 718-817-3763 >> Business Office: 718-817-3750 >> Fax: 718-817-5775 >> email: mcn...@fordham.edu >> http://www.fordham.edu >> _ >> ** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/discuss. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam
Our radius admin would define the management subnet of the Meraki APs in our radius server configuration. ---Mike Atkins sent from phone > On Jul 27, 2018, at 3:21 AM, Mark McNeil [Staff] wrote: > > Hi everyone, > I'm wondering if someone can provide a little clarity on configuring > Meraki to connect to eduroam. The documentation states that > > " The MR's will need to be defined on the RADIUS server as RADIUS clients > (consult RADIUS server documentation to complete this step). " > > I take this to mean that I will need to define all my AP's, in my case > MR42's, in my local RADIUS. Is this correct or is there another way around > this on the Meraki. I only have 33 AP's but seems there should be another > way. > > Any help is appreciated. > > Thanks > > Mark > > -- > > Mark McNeil > Director, Network Engineering and Operations > Fordham University | Fordham IT > Tel: 718-817-3763 > Business Office: 718-817-3750 > Fax: 718-817-5775 > email: mcn...@fordham.edu > http://www.fordham.edu > _ > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
