Dashboard Location: Wireless > Configure > SSIDs > Access Control > RADIUS Servers
SSID RADIUS servers configuration in Meraki wireless networks provides administrators with comprehensive Remote Authentication Dial-In User Service (RADIUS) integration capabilities for 802.1X enterprise authentication, network access control, user identity management, and accounting services. This functionality supports centralized authentication infrastructures, Active Directory integration, certificate-based authentication, network access control (NAC) policies, and comprehensive user activity logging. RADIUS integration is essential for implementing enterprise-grade wireless security, supporting bring-your-own-device (BYOD) policies, enabling role-based network access, and maintaining compliance with security standards and regulatory requirements in corporate and educational environments.
Name Type Constraint Mandatory Default Value radius Class [radius]
No
Name Type Constraint Mandatory Default Value name String min: 1
, max: 127
No local_radius Class [local_radius]
No servers List [servers]
No called_station_id String min: 1
, max: 127
No authentication_nas_id String min: 1
, max: 127
No server_timeout Integer min: 1
, max: 10
No server_attempts_limit Integer min: 1
, max: 5
No radsec_tls_tunnel_timeout Integer min: 1
, max: 32767
No failover_policy Choice Allow access
, Deny access
No load_balancing_policy Choice Round robin
, Strict priority order
No accounting_servers List [accounting_servers]
No accounting_interim_interval Integer min: 1
, max: 360
No attribute_for_group_policies Choice Airespace-ACL-Name
, Aruba-User-Role
, Filter-Id
, Reply-Message
No override Boolean true
, false
No guest_vlan_id Any Integer[min: 1
, max: 4094
] or String[matches: `(?:[1-9] [1-9][0-9] [1-9][0-9]2 proxy Boolean true
, false
No testing Boolean true
, false
No fallback Boolean true
, false
No coa Boolean true
, false
No accounting Boolean true
, false
No guest_vlan Boolean true
, false
No
Name Type Constraint Mandatory Default Value cache_timeout Integer min: 1
, max: 86400
No password_authentication Boolean true
, false
No certificate_authentication Class [certificate_authentication]
No
Name Type Constraint Mandatory Default Value host String min: 1
, max: 127
Yes port Integer min: 0
, max: 65535
No secret String min: 1
, max: 127
No open_roaming_certificate_id Integer min: 1
, max: 65535
No ca_certificate String min: 1
, max: 4096
No radsec Boolean true
, false
No
Name Type Constraint Mandatory Default Value host String min: 1
, max: 127
Yes port Integer min: 0
, max: 65535
No secret String min: 1
, max: 127
No ca_certificate String min: 1
, max: 4096
No radsec Boolean true
, false
No
Name Type Constraint Mandatory Default Value enabled Boolean true
, false
No use_ldap Boolean true
, false
No use_ocsp Boolean true
, false
No ocsp_responder_url String min: 1
, max: 1024
No client_root_ca_certificate String min: 1
, max: 4096
No
Example-1: The example below demonstrates wireless SSID RADIUS servers configuration using tested YAML configuration from pipeline fixtures.
- name : !env network_name
called_station_id : 00-11-22-33-44-55:AP1
authentication_nas_id : 00-11-22-33-44-55:AP1
# radsec_tls_tunnel_timeout: 600
# failover_policy: Deny access
# load_balancing_policy: Round robin
accounting_interim_interval : 5
attribute_for_group_policies : Filter-Id
accounting_interim_interval : 360
attribute_for_group_policies : Filter-Id