Skip to main content

Search

Cloudi-Fi Knowledge Base

Configuring RADIUS on Cisco Meraki to enable 802.1x

Default Admin
  • Updated

How to configure 802.1X authentication on Cisco Meraki access points using Cloudi-Fi as the RADIUS provider.

Prerequisites

Before starting, ensure that you have the following prerequisites:

Source Destination Port Protocol Action Comment
802.1x subnet Cloudi-Fi IPs 1815 UDP Allow RADIUS traffic
802.1x subnet Any 80 TCP Allow HTTP traffic
802.1x subnet Any 443 TCP Allow HTTPS traffic
802.1x subnet Any 53 UDP/TCP Allow DNS resolution
* * * * Deny To be adjusted according to your needs

1. Get Radius information

You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.

Parameter Description
RADIUS IPs Provided by Cloudi-Fi
Ports UDP 1815 (Authentication) and 1813 (Accounting)
Shared Secret Obtain via the Cloudi-Fi chatbot or Support team

You can get the Secret by asking in the Chatbot. Cloudi-Fi’s Support team will provide you with the necessary information.

Cloudi-Fi - Get Radius secret for Meraki

  1. What shared secret is used for the Radius server for 802.1X for Cisco Meraki? (Please save this confidential information securely, and do not share it publicly).

2. Generate the API Key

  • Navigate to the Meraki administration page
  • Select "Organization" then "API & Webhooks"

Meraki UI - Go to API webhooks.jpeg

  • Click on Generate API Key
  • Tick the box to confirm that you saved the key and click on Done

Meraki UI - Generate API Key for Cloudi-Fi.jpeg

Note: there is a limit of only two API keys per Meraki administrator.

3. Connect your Meraki organization with your Cloudi-Fi tenant

  • Navigate to Cloudi-Fi administration UI
  • Go to "Configuration" > "Integrations"
  • Select "Meraki" from the integration list

Cloudi-Fi UI - Go to Meraki integration.jpeg

If the "Integration" section is missing, ensure the "Integration Menu" is enabled in your Administrator's profile
  • Click on "Enable this Integration" to initiate a new Activation.
  • Synchronization Mode Selection:
    • Currently, only "Automatic synchronization" mode is available.
    • Click "Automatic" to proceed.
A manual mode will be introduced in the future for companies opting not to share an API key.

Cloudi-Fi UI - Integration - Meraki enable.png

  • Configuration Steps:
    • Choose the appropriate Meraki Cloud (World or China).
    • Paste the API key from the Meraki portal.
    • Click "Connect" to initiate the synchronization process.
  • Wizard Configuration:
    • The wizard will automatically import your Meraki networks.
    • Imported networks will appear in Cloudi-Fi Admin UI under "locations".
Note: It could be useful to create multiple activations if you have devices connected to different Meraki Clouds or multiple Meraki Organisations.

Cloudi-Fi UI - Integration - Meraki - Paste API Key.png

4. Define the synchronization settings

  • Define the following parameters:
    • Activation name
    • Create_locations
      • From networks - only network tags will be imported
      • From AP tags - only AP tags will be imported
    • Import
      • Both MR (access points) and MX (security appliances)
      • Only MX
      • Only MR
    • Scan
      • Everywhere: Automatically adds new Meraki networks to the locations list
      • Only some networks / Only some network tags: New networks appear in the integration for selective import

Cloudi-Fi UI - Define Meraki Integration settings.png

5. Configure your SSID

  1. Log in to the Cisco Meraki dashboard
  2. Select the Meraki network you want to enable 802.1X
  3. Navigate to the “Access Control” tab. 
  4. Configure as follows:
  • Give it a name 
  • Security: Enterprise with my Radius Server
  • Splash Page: None (direct access)

6. Configure the Radius server

Click add a server and configure

Parameter Description
RADIUS IPs Provided by Cloudi-Fi
Ports UDP 1815 (Authentication) and 1813 (Accounting)
Shared Secret Obtain via the Cloudi-Fi chatbot or Support team

7. Client IP and VLAN

  1. While configuring 802.1X, you can assign clients specific IP addresses and VLANs upon successful authentication.
  2. Scroll to the “Client IP and VLAN” section.
  3. Choose the appropriate option for assigning IP addresses:
    1. Meraki AP Assigned (NAT Mode)
    2. External DHCP server assigned
  4. Configure VLAN settings (if applicable):
    1. If you selected “Use VLAN tagging” in the previous step, select the VLAN tag number to assign clients after authentication.
    2. Ensure that the corresponding VLAN is properly configured on your network infrastructure.

8. Validation

  • After completing the configuration:
  • Connect a test client to the SSID.
  • The client should be prompted for 802.1X credentials.
  • Successful authentication should appear in both:
    • Meraki Dashboard > Wireless > Event log
    • Cloudi-Fi > Users > Authentications

If authentication fails, verify:

  • RADIUS IPs and shared secret match on both sides.
  • UDP port 1815 is reachable from the access point.
  • The Cloudi-Fi RADIUS service is not blocked by your firewall.