Skip to content

SSID RADIUS Servers Configuration

Dashboard Location: Wireless > Configure > SSIDs > Access Control > RADIUS Servers

Wireless SSID RADIUS Authentication and Accounting Management

Section titled “Wireless SSID RADIUS Authentication and Accounting Management”

SSID RADIUS servers configuration in Meraki wireless networks provides administrators with comprehensive Remote Authentication Dial-In User Service (RADIUS) integration capabilities for 802.1X enterprise authentication, network access control, user identity management, and accounting services. This functionality supports centralized authentication infrastructures, Active Directory integration, certificate-based authentication, network access control (NAC) policies, and comprehensive user activity logging. RADIUS integration is essential for implementing enterprise-grade wireless security, supporting bring-your-own-device (BYOD) policies, enabling role-based network access, and maintaining compliance with security standards and regulatory requirements in corporate and educational environments.

Diagram

ssids (meraki.domains.organizations.networks.wireless)

Section titled “ssids (meraki.domains.organizations.networks.wireless)”
NameTypeConstraintMandatoryDefault Value
radiusClass[radius]No

radius (meraki.domains.organizations.networks.wireless.ssids)

Section titled “radius (meraki.domains.organizations.networks.wireless.ssids)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
local_radiusClass[local_radius]No
serversList[servers]No
called_station_idStringmin: 1, max: 127No
authentication_nas_idStringmin: 1, max: 127No
server_timeoutIntegermin: 1, max: 10No
server_attempts_limitIntegermin: 1, max: 5No
radsec_tls_tunnel_timeoutIntegermin: 1, max: 32767No
failover_policyChoiceAllow access, Deny accessNo
load_balancing_policyChoiceRound robin, Strict priority orderNo
accounting_serversList[accounting_servers]No
accounting_interim_intervalIntegermin: 1, max: 360No
attribute_for_group_policiesChoiceAirespace-ACL-Name, Aruba-User-Role, Filter-Id, Reply-MessageNo
overrideBooleantrue, falseNo
guest_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
proxyBooleantrue, falseNo
testingBooleantrue, falseNo
fallbackBooleantrue, falseNo
coaBooleantrue, falseNo
accountingBooleantrue, falseNo
guest_vlanBooleantrue, falseNo

local_radius (meraki.domains.organizations.networks.wireless.ssids.radius)

Section titled “local_radius (meraki.domains.organizations.networks.wireless.ssids.radius)”
NameTypeConstraintMandatoryDefault Value
cache_timeoutIntegermin: 1, max: 86400No
password_authenticationBooleantrue, falseNo
certificate_authenticationClass[certificate_authentication]No

servers (meraki.domains.organizations.networks.wireless.ssids.radius)

Section titled “servers (meraki.domains.organizations.networks.wireless.ssids.radius)”
NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127Yes
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
open_roaming_certificate_idIntegermin: 1, max: 65535No
ca_certificateStringmin: 1, max: 4096No
radsecBooleantrue, falseNo

accounting_servers (meraki.domains.organizations.networks.wireless.ssids.radius)

Section titled “accounting_servers (meraki.domains.organizations.networks.wireless.ssids.radius)”
NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127Yes
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
ca_certificateStringmin: 1, max: 4096No
radsecBooleantrue, falseNo

certificate_authentication (meraki.domains.organizations.networks.wireless.ssids.radius.local_radius)

Section titled “certificate_authentication (meraki.domains.organizations.networks.wireless.ssids.radius.local_radius)”
NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
use_ldapBooleantrue, falseNo
use_ocspBooleantrue, falseNo
ocsp_responder_urlStringmin: 1, max: 1024No
client_root_ca_certificateStringmin: 1, max: 4096No

Example-1: The example below demonstrates wireless SSID RADIUS servers configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: !env domain
administrator:
name: !env org_admin
organizations:
- name: !env org
networks:
- name: !env network_name
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
wireless:
ssids:
- name: CORP
ssid_number: "0"
radius:
accounting_servers:
- host: 10.64.0.230
port: 1813
secret: cisco123
radsec: false
servers:
- host: 100.64.0.230
secret: abc123
port: 1812
radsec: false
called_station_id: 00-11-22-33-44-55:AP1
authentication_nas_id: 00-11-22-33-44-55:AP1
server_timeout: 5
server_attempts_limit: 5
# radsec_tls_tunnel_timeout: 600
# failover_policy: Deny access
# load_balancing_policy: Round robin
accounting_interim_interval: 5
attribute_for_group_policies: Filter-Id
# guest_vlan_id: 1
proxy: false
testing: true
server_timeout: 5
server_attempts_limit: 3
coa: true
fallback: true
override: true
accounting: true
accounting_interim_interval: 360
attribute_for_group_policies: Filter-Id