Meraki

Prepare Certificates

Download the root certificate of the CA that has issued your RADIUS server certificate as described here. You will need to upload it to your Meraki console later on.

Meraki Configuration

1. Navigate to your Meraki Dashboard

2. Select Wireless > Access control

3. Ensure you have switched to the new UI version of the Access control site
4. Select the SSID you wish to configure RADIUS authentication for (or navigate to Wireless > Configure > SSIDs to create a new SSID first).

5. In the Security section, select Enterprise with and in the dropdown my RADIUS server
6. Under RADIUS, click Add server. Configure the IP address to match the RadSec IP address of your RADIUSaaS instance, set the Port to 2083 and set the Secret value to "radsec" and activate the RadSec checkbox.
7. Click Save

8. To upload and generate the required certificates, navigate to Organization > Certificates. In the top table, click Upload certificate and provide the root certificate of the CA that has signed your RADIUS server certificate, which you should have already downloaded in this step. Your Meraki APs now trust your RADIUS server.
9. Under RadSec AP Certificates, first create an Organization CA by clicking Generate CA. This CA is unique to your Meraki Organization.

10. Subsequently, trust that Organization CA. The Meraki platform will now automatically generate RadSec client certificates for all your APs signed by this CA. The lifetime of the certificate is very long (> 50 years), i.e. you do not have to worry about renewing them.
11. Eventually, establish trust between the APs and your RADIUSaaS platform. Therefore, download the root CA certificate of your Organization CA by clicking Download CA. Now, upload the downloaded CA certificate to your trusted RadSec Connection Certificates.

Links

Link to Meraki's documentation for the RadSec configuration: https://documentation.meraki.com/MR/Encryption_and_Authentication/MR_RADSec