How to Setup Meraki Network Entra ID Authentication Using RADIUS

Prerequisites for Setting Up Entra ID Authentication With RADIUS in Meraki Network

  1. Registering the application in your tenant
  2. Creating Cloud Radius Instance
  3. Being a Subscription Owner or Network Administrator or Log Reader
  4. Register your IP Address in your RADIUS Access Policies

Introduction - How Entra ID Authentication Works in Meraki Networks and EZRADIUS

For your Meraki Network network to authenticate users with Entra ID, you need to enable RADIUS authentication and connect it to a RADIUS service that supports Entra ID. This guide will show you how to enable RADIUS authentication in WPA-Enterprise with Meraki and EZRADIUS. (Note: This can be achieve with Entra ID username and password but we recommend using EAP-TLS with Entra ID for a more secure and easier authentication method, while EAP-TLS might sound intimidating, here is a 20 minute video on setting up everything from the RADIUS server to the Certificate Authority). How RADIUS Authentication Works with Meraki Network and EZRADIUS and Entra ID

How to Enable RADIUS Authentication In Your Meraki Network - Video Version

How to Enable RADIUS Authentication In Your Meraki Network - Step by Step

  1. Go to your Meraki Network Controller.
  2. Click on “Wireless” on the left menu and Select “SSIDs”. How To Enable Cloud RADIUS Meraki Network Settings
  3. If you already have an existing network, click on “Edit settings” on the network you want to add RADIUS authentication to. If you don’t have a network, select “enabled” on the network you want to add RADIUS authentication to. (In this case, I am going to use the “Keytos Docs” network). How To Enable Cloud RADIUS Meraki Network Settings
  4. Next we are going to select “Enterprise with” in the “Security” menu and select “my RADIUS server” in the dropdown. How to Setup Cloud RADIUS Profile in Meraki Network
  5. Scroll down to the “RADIUS” section. You can keep the default settings for all the other sections or change them to your liking. How to Setup Cloud RADIUS Profile in Meraki Network
  6. Now click on the “Add Server” link. How to Setup Cloud RADIUS Profile in Meraki Network
  7. In another Tab, go to your EZRADIUS dashboard and copy the “RADIUS Server IP” from the “Policies” page (You can repeat this step for the three IPs for higher availability). How to Setup Cloud RADIUS Profile in Meraki Network
  8. From your Policy Details, Copy the “Shared Secret” you setup for this client IP Address (In this case, my IP address is 34.2.2.1) How to Setup Cloud RADIUS Profile in Meraki Network
  9. Now we will go back to the Meraki Network Network Controller and paste the “RADIUS Server IP” in the “Host IP or FQDN” field.
  10. In the “Port” field, enter “1812”.
  11. In the “Secret” field, paste the “Shared Secret” you copied from EZRADIUS.
  12. Click on “Done”. How to Setup Cloud RADIUS Profile in Meraki Network
  13. If you want to add multiple IPs for higher availability, click on “Add a RADIUS server” and repeat the steps for the other two IPs.
  14. If you want to enable Accounting (It gives you more information about each session such as data used, connection time, etc.), you can do so by adding the same IP addresses and Shared Secrets for Accounting Except the port is 1813 instead of 1812.
  15. If you have setup your EZRADIUS with Filter-ID or VLANs, you can setup the filter ID or VLAN in their respective fields.
  16. Scroll to the bottom and click on “Save Changes”. How to Add RADIUS Server for Entra ID in Meraki Network

How to test Wifi Certificate Authentication in Meraki Network

Now that we have setup the RADIUS authentication in your Meraki Network, we recommend manually testing the authentication to make sure everything is working as expected before dealing with Intune or any other MDM. If you are using EZCA, first you will want to enable self service certificates and manually create a certificate, once you have created the certificate and installed it in your user store, you can test the wifi authentication using the certificate.

How to Troubleshoot Certificate Authentication in EZRADIUS

The best way to troubleshoot certificate authentication in EZRADIUS is to check the logs. You can do this by going to the “Audit Logs” page in your EZRADIUS dashboard and filtering the logs by the user you are trying to authenticate. You can read more troubleshooting tips in our troubleshooting guide.

How to Connect Devices to Meraki Network with Entra ID Certificate Authentication

Now that you have setup your Meraki Network with RADIUS authentication, now you can distribute your certificates using Intune and automatically authenticate your users to the network. If you are not using certificates, you can follow this guide to setup your devices to authenticate with their Entra ID username and password.