How to Configure Cisco Meraki WAP with JumpCloud RADIUS

Posted on by Summa Lai

Get the strength and security of RADIUS without building, maintaining, or monitoring physical servers. It’s also quick to roll out managed RADIUS to your organization to authenticate users to Wi-Fi, VPNs, switches, and network devices securely. This is a full walkthrough of configuring JumpCloud’s RADIUS-as-a-Service (RaaS) and a Meraki Wireless Access Point (WAP)

Settings and Configuration Notes
 

Encryption/Authentication Mode: WPA2 Enterprise

Server IP Addresses: For current RADIUS server IPs, see Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud’s RADIUS 

RADIUS Port(s): 1812/UDP (Accounting port 1813 is not supported)

Shared Secret: The Shared Secret is created performing the steps in Adding, Editing & Deleting RADIUS Servers in JumpCloud, to view it:

  1. Login to https://console.jumpcloud.com/ as a JumpCloud Administrator user
  2. Click RADIUS from the left-hand navigation
  3. Click edit on the RADIUS server created
  4. The Shared Secret field will be displayed to the right, and you may click the eye icon to make the characters visible

Meraki Configuration

Note: When changing the Host IP of the RADIUS server in the Meraki configuration, also reinput the secret for that record, otherwise testing the new setting may fail.
Steps to configure the Meraki are accurate as of 8/11/2016, if a discrepancy is found, please contact Support with the details.

  1. Navigate a web browser to https://meraki.com/ and go click Login
  2. Login with your Meraki administrator username and password
  3. Click on the Configure menu and choose SSIDs
  4. Find an open SSID (you may need to click Show all my SSIDs for visibility) in a disabled state which we can set to enabled for usage
  5. Click edit settings, which will take you to the Access control tab for the SSID from Step 4
  6. Set the Association requirements to WPA2-Enterprise with the name of the SSID previously created in Step 5
  7. Set the WPA encryption mode to WPA2 only

Note: When using EAP-TTLS/PAP protocol the Test button will not test correctly, but you can test from your workstation after configuring the certificates.

  1. Scroll down the page until you get to the RADIUS server configuration area, and click Add a server, it’s recommended to add both RADIUS server IPs for redundancy.
  2. Type in the RADIUS server IP (Please refer to Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud’s RADIUS for a list of our current server IP addresses)
  3. Your configuration is complete

For help: Troubleshooting RADIUS Server Authentication
You are now ready for Configuring your WiFi Clients to use JumpCloud RADIUS

Ref: Configuring a Cisco Meraki WAP to JumpCloud’s RADIUS-as-a-Service