SSID RADIUS servers configuration in Meraki wireless networks provides administrators with comprehensive Remote Authentication Dial-In User Service (RADIUS) integration capabilities for 802.1X enterprise authentication, network access control, user identity management, and accounting services. This functionality supports centralized authentication infrastructures, Active Directory integration, certificate-based authentication, network access control (NAC) policies, and comprehensive user activity logging. RADIUS integration is essential for implementing enterprise-grade wireless security, supporting bring-your-own-device (BYOD) policies, enabling role-based network access, and maintaining compliance with security standards and regulatory requirements in corporate and educational environments.
Example-1: The example below demonstrates SSID RADIUS servers configuration.
This configuration defines RADIUS authentication and accounting servers for enterprise wireless security. The example includes server addresses, shared secrets, port configurations, and failover settings for centralized authentication and authorization.
The CORP SSID (SSID 0) is configured to use RADIUS authentication with advanced features enabled, including Change of Authorization (CoA), accounting, and fallback to secondary servers. RADIUS server timeouts are set to 5 seconds, with a maximum of 3 retry attempts, and accounting updates are sent every 360 seconds. The SSID also supports RADIUS testing, group policy override, and uses the Filter-Id attribute to assign group policies. RADIUS proxying is disabled. The Guest SSID (SSID 1) appears partially configured, using port 1813 with a shared secret from the environment variable radius_shared_secret, and RADSEC (RADIUS over TLS) is disabled. However, the configuration is incomplete as it’s missing higher-level radius structure and other required fields.