This video was 7 years ago but solved my problem today. Thank you
That is great to hear.
2020 and this video was excellent. Thanks for sharing your knowledge.
Thanks Marcus
even in 2021 it's still excellent. :-)
Really insightful and comprehensive video. Thanks for sharing.
Awesome explanation. Very clear and very detailed. Much appreciated.
Thanks for the great video, I was looking into the issue with fortigate and you made it easy for me bro
This is the best step by step Meraki video I have ever found online. Great job!
Just wondering if you have figured out a way to do a captive portal while keeping the RADIUS private - away from public Internet?
Thanks, I have built a splash page with validating the credentials on local database. It's not dot1x but if you can build the logic, it will work without the need to go to have the DB public
th-cam.com/video/LtmaSYwjaP4/w-d-xo.html
This video is excellent, thank you Fady!
This is really an awesome explanation, Appreciated ..
Good explanation. Thanks
Thank you Ram
Excellent Video!! Quick question, though: If my RADIUS is behind my Meraki, and not on the WAN.... how can I connect to the Radius? It's not working ... :(
Hello, I have followed your video to set up the clients in NPS and the radius server settings in the Meraki dashboard, but when I test all the access points fail. I can ping the NPS server from the AP and we previously had set up a radius server for our VPN authentication and that works. Any thoughts why the APs are failing?
Just wondering if you added the APs subnet/IPs as clients to your NPS server?
Hi Fady,
This is an excellent video, thank you. We have a situation here: we are trying to separate the Guest wifi within the DMZ zone with the corporate network, which is not a problem with the APs concentrate back to the DMZ zone, but we also want the guest wifi authenticate with our ISE server, and looks like the MX as a concentrator doesn't support the ISE. Do you have experience on this? And if we keep the old Cisco APs co-existing with Meraki APs, will they interfere with each other even with different SSID?
What about if you have 50 access points? Do you need to add each one of them as a Radius client?
Yes but you can also do range as client if those AP IPs can be summarized.
Really helpful, thanks for explanation
Do the switch ports that the AP's are connected to need to be configured as trunks to carry the 3 vlans? I understand the switch port to the router needs to be trunked
Hi Scott, yes that is right, if you configure the Layer 3 at the MX then the switch needs to trunk those VLANs to the MX and the AP.
I noticed something, you used public ip addresses when you created your VLANs, my question is this one, In a real scenario you can't use public ip ranges as your vlans, is that correct?
You are right, in real life scenario, you would use private IP range for your LAN, however, you can configure any range for your LAN as long as the subnet won’t be routed to the internet.
Excellent, thank you Fady.
When I configure the Server Radius.
In the Server Radius: I only need to add the IP of the meraki dashboard and its SECRET Key, or do I need to add to All the access points and their IP addresses each one with th
Hi, is it mandatory for this configuration to create a Server CA? I think when you set up 8021x in Meraki it is mandatory to have a CA server
Hey Bmuvi, Dot1x needs certificate to encrypt the traffic and you should manage CA to issue and control those certificates but that has nothing to do with Meraki, it's more of the way Dot1x works.
Hi Fady, This is a great video and got me up and running. I am extremely new to RADIUS and Meraki AP. I can successfully connect to my radius server via Meraki and I can even take a laptop, connect to my wireless network and get authenticated against the RADIUS server. My problem is I am not getting an IP address. I am a little lost and not where to go. I am assuming I need to set a policy on the RADIUS server to give me an IP address. We use a windows DC with DHCP to give out our IP in our environment and I would like to create a policy in RADIUS to point this DHCP scope and hand out IPs. I can't seem to find this setting and if I am even on the right track.
Any advice is greatly appreciated. Thanks
Jason
I will take a look again. The port it's connected to is configured as a Trunk with a Native vLan on the same subnet as the DHCP server with iphelper enabled.
Thanks again.
Update - I had our network guys look at the Trunk port. It was configured for one Vlan only. Once we allowed ALL vlans, I am now getting IP addresses. Again, your video is great and got the ball rolling. Thanks again!
Do we need to configure trunk or access port between access switch and Access Point
Fady: for Windows-based wireless clients, do they need to be running the Cisco Network Access Client/Anyconnect, etc. for this to work? Or will the user simply be presented with a standard login without need of additional software?
Thanks Fady! Excellent video. I know that Cisco ISE requires client-software in order to implement a lot of the network-access policies, etc. Looks like Meraki has simplified this.
Great way of explaining..😘
Thank you Fady! Great video.
Just a question, when I am trying to test my connectivity, all APs failed, and no Radius attribute used.
Any idea?
Thank you!
Hi Fady, thanks for response
Just want to confirm that, the certificate that we need on Radius Server is "RAS and IAS Server certificate" right.
We are using PEAP-MSCHAPv2
Great video thanks Fady
I have a question for you: I have an issue with clients not able to get access to the internet for the first 5m minutes or so, then everything will work just fine. I have called support and Cisco support with no luck (am using Windows radius)
Thanks for the reply!!! No I don't. All I need is to do exactly what you show in the video but am only using Meraki APs and Cisco 3850 SW, MS DHCP and MS RADIUS.
Thanks!
Thanks Fady! I already did but they can't get it resolved.
Thanks again Fady! Can you please email me at my Gmail account ziyad.riyadh and here's my case 02458474 with the Meraki guys you can get more information about the issue THANKS!
Thanks again for your help Fady, the guys at the support are great and they did help me to fix the issue!
clearly explain and great
How to configure to use Windows DHCP server to providing IP client by different VLAN for each company ?
Great video
Thanks!
I have this setup with mx84 as dhcp server, nps on win2k19 eval , my nps granted access but not IP from dhcp server, did i miss anything? :(
you might need to check the VLANs between the AP and the MX. If you have switch in between, you might need to check the native VLANs as well.
@FadyNETDecorators kewl! thanks for the reply, my VLAN is just the default VLAN 1, tried moving the AP (MR76) to a trunk port but still not getting an IP, my switch by the way is Cisco C1000 in between my AP and the MX.
@kewlheadkewlhead4038 Try to have the MX trunk port facing the switch with native VLAN 1. Hope that would work.
@FadyNETDecorators Oppss! my switch (C1000) port connected to my MX is on dynamic (desirable/auto), if I change it to trunk (vlan 1/native) whole network goes down, port turns BLK status
thank you Fady
Nice
Fady is that Arab name ??
Zee Max , its indeed
Amazing
Good stuff
5 Stars