Not familiar with your setup or Meraki, but in NPS you can define a Radius client at a subnet ie. 192.168.1.0/24. Then define more specific Connection Request Policies and Network policies. Don’t worry, NPS is smart enough to match on the most specific radius client. Client1 – 192.168.1.0/24 Client2- 192.168.1.5
If the radius packet if from 192.168.1.5, it will match Client2. Eric Kurtz Senior Systems Engineer Office of Information Technology Susquehanna University 514 University Avenue Selinsgrove, PA 17870-1164 570.372.4537 ku...@susqu.edu<mailto:ku...@susqu.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Mark McNeil [Staff] Sent: Saturday, July 28, 2018 2:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam Thanks for the reply and suggestions. My next question would be is any using NPS as their RADIUS? I reached out to Meraki and they confirmed that defining the management IP network is the way to go with every other RADIUS except NPS. This feature apparently is not a supported feature in NPS. Has anyone encountered this issue with NPS or is no one using NPS? Is there a work around if using NPS? I appreciate all the feedback. Mark ---------- Forwarded message ---------- From: Jeffrey D . Sessler <j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> Date: Fri, Jul 27, 2018 at 3:19 PM Subject: Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam To: WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educause.edu> Same as others said. Define the management IP to be allowed by your radius sever and it works great. If you have a lot of locations, and less control of the management IP network e.g. it’s hanging on say a comcast network where the IP changes, the alternative is to use Meraki’s proxy radius. The APs talk to the Meraki proxy radius and the proxy radius in-turn talks with your radius. Now if only Meraki would directly peer with eduroam, then all you’d need to do is point at the proxy and be done. Jeff From: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Mark McNeil [Staff]" <mcn...@fordham.edu<mailto:mcn...@fordham.edu>> Reply-To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, July 27, 2018 at 12:21 AM To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] Meraki AP connectivity to eduroam Hi everyone, I'm wondering if someone can provide a little clarity on configuring Meraki to connect to eduroam. The documentation states that " The MR's will need to be defined on the RADIUS server as RADIUS clients (consult RADIUS server documentation to complete this step). " I take this to mean that I will need to define all my AP's, in my case MR42's, in my local RADIUS. Is this correct or is there another way around this on the Meraki. I only have 33 AP's but seems there should be another way. Any help is appreciated. Thanks Mark -- ________________________________________________________________________ Mark McNeil Director, Network Engineering and Operations Fordham University | Fordham IT Tel: 718-817-3763 Business Office: 718-817-3750 Fax: 718-817-5775 email: mcn...@fordham.edu<mailto:mcn...@fordham.edu> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122416925&sdata=zbRkOnLrAPRLbFHCaNZ3ZfYMoJZF%2B%2FczLhm11129T4g%3D&reserved=0> http://www.fordham.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122416925&sdata=zbRkOnLrAPRLbFHCaNZ3ZfYMoJZF%2B%2FczLhm11129T4g%3D&reserved=0> _____________________________________ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3DaqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM%26r%3DSpuW56Gv0ljO5PHKQquxycZWXdpeoXD-65qTCRfbCJA%26m%3DUd_xnTtDxQ31wYXQRrHtNG7KWC4RlQafyKm4v58d4Co%26s%3DAx6k-IgEmnjgydhRMO2Gfj6xAzgUN7Tbz_OvYzxaxx8%26e%3D&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122426929&sdata=NwZymNzeV1IGZZU1Ba9t3LdCA3c%2BTMsGZ3kjwiyRmhM%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3DaqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM%26r%3DSpuW56Gv0ljO5PHKQquxycZWXdpeoXD-65qTCRfbCJA%26m%3DUd_xnTtDxQ31wYXQRrHtNG7KWC4RlQafyKm4v58d4Co%26s%3DAx6k-IgEmnjgydhRMO2Gfj6xAzgUN7Tbz_OvYzxaxx8%26e%3D&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122436937&sdata=5GVaZKVtCyZiSwMC5BaSWl14f8ElxUv8A4fDSa3uS%2F0%3D&reserved=0>. -- ________________________________________________________________________ Mark McNeil Director, Network Engineering and Operations Fordham University | Fordham IT Tel: 718-817-3763 Business Office: 718-817-3750 Fax: 718-817-5775 email: mcn...@fordham.edu<mailto:mcn...@fordham.edu> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122436937&sdata=aqfOwBqbfoNpsnR0avYOe0SntKCekYja5vc3AU7cBYc%3D&reserved=0> http://www.fordham.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fordham.edu%2F&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122446945&sdata=Jc0Da%2BPplJ5lvD5%2B1GrpLvORLgZIOWR3W0%2FrNqxqX8M%3D&reserved=0> _____________________________________ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Ckurtz%40SUSQU.EDU%7C21fdee16a16544743d4708d5f4501291%7Cf78aa315d9b34b8c9d672e8fefdb2d07%7C1%7C0%7C636683547122446945&sdata=KG%2FwPH5jAcsf4Fvj0ACuCnoXORa3baBNPs82waQBrXo%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
