This site requires JavaScript to be enabled
External Customer KB > General > Configure the RADIUS Server Interface with Meraki Access Points
Configure the RADIUS Server Interface with Meraki Access Points
Article: KB0010450 Published: 05/12/2022 Last modified: 05/12/2022

This topic describes how to configure Meraki Access Points (APs) to use OneLogin as a RADIUS server, enabling your users to connect to WiFi using their OneLogin credentials.  

For a quick overview on the connecting RADIUS to Meraki, check out this video:

"

OneLogin has a RADIUS server interface that will accept RADIUS authentication requests from devices that support the RADIUS protocol, like Meraki AP devices. When OneLogin receives an Access-Request message, the user is authenticated against the directory linked to the user.

To configure a Meraki AP to use the OneLogin RADIUS server, you must:

  1. Configure OneLogin RADIUS server
  2. Configure your Meraki SSID RADIUS settings
  3. Configure your users' client devices to connect to your Meraki Access Point

Supported configurations

  • OneLogin RADIUS server supports the PAP, EAP-TTLS/PAP, and EAP-PEAP/MSCHAPv2 authentication schemes
  • Your Meraki AP must use WPA-2 Enterprise with RADIUS.
  • You cannot use Meraki Splash pages hosted by Meraki.

Configuring OneLogin RADIUS server

  1. Log in to OneLogin as an administrator.

  2. Go to Settings -> RADIUS.

  3. Click the New Configuration button.

    The RADIUS configuration page appears.

  4. Enter a name that helps you identify this configuration; for example, "Meraki AP"

  5. In the Secret field, enter the string that is defined as the shared secret for your Meraki AP device.

    If you already have a shared secret defined for you Meraki AP, enter it here. If not, you can create one and enter it here. You will re-use it when you configure your Meraki AP device to talk to the OneLogin RADIUS server.

    Your shared secret should be random, at least 22 characters long, and can use any standard alphanumeric and special characters.

    Note. If you create a new shared secret, it can take up to an hour to be usable due to caching.

  6. Enter the IP address of your Meraki AP device.

    You can enter more than one, separated by spaces.

  7. Click Save.

  8. Confirm your attribute mappings.

    After you click Save, the Attributes section shows the mapping of RADIUS attributes (left) to OneLogin attributes (right).

    By default, the OneLogin RADIUS service uses the OneLogin Email as the RADIUS User-Name and the OneLogin Password as the RADIUS User-Password.

    For a typical Meraki AP device that uses username and password for authentication, accept these defaults. Your OneLogin configuration is done. Now you can configure your Meraki SSID RADIUS settings.

Configure Meraki SSID RADIUS settings

  1. Log into your Meraki AP as an administrator.

  2. Go to Wireless > SSIDs.

  3. On the Access control line, click edit settings.

  4. On the Access control page, configure the following fields.


    • WPA2-Enterprise with: my RADIUS server

    • WPA encryption mode: WPA2 only

    • RADIUS servers:

      Host: Enter the IP address of the OneLogin RADIUS service endpoint you use:

      Primary US (radius.us.onelogin.com): 52.34.255.206
      Secondary US (radius2.us.onelogin.com): 18.216.23.112
      Primary EU (radius.eu.onelogin.com): 35.156.138.255
      Secondary EU (radius2.eu.onelogin.com): 54.246.141.64

      Port: 1812

      Secret: Your RADIUS Secret (as configured in OneLogin)

  5. Click Save Changes.

    Your Meraki configuration is done. Now you can create your WiFi profile.

Configure User Devices to Connect to the Meraki AP

To give your users access to the Meraki AP using OneLogin RADIUS, you or your users must configure their devices for access. The method you use depends on your organization's preferred tools and procedures. You can find instructions for the most common devices here:


Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo