Skip to main content
Cisco Meraki

Using RADIUS Attributes to Apply Group Policies

RADIUS attributes used with Group policies can apply custom network policies to wireless users. This can be accomplished using a RADIUS attribute, where the attribute contains the name of a group policy configured in Dashboard.

Requirements

This configuration assumes that an SSID has already been configured to perform WPA2-Enterprise authentication with RADIUS, and that one or more group policies have been created in Dashboard.

Group Policies for user groups can only be configured on an SSID that uses a local (customer-premise) RADIUS server for authentication at association time. 

 

Additionally, the RADIUS server must be configured to send an attribute along with its accept message, containing the name of a group policy configured in Dashboard (as a String). Commonly, the Filter-Id attribute will be used for this purpose. The screenshot below shows a network policy in Windows NPS, configured to pass the name of a Dashboard group policy ("LANAccess") within the Filter-Id attribute:

69c6e53b-0c3d-455e-bc1e-cc32dd0daac7

RADIUS Attribute Details

The following RADIUS attributes can be used to specify a group policy:

Dashboard Configuration

Once the above requirements have been met, the following configuration steps will associate the Dashboard group policy with the configured RADIUS attribute:

  1. Navigate to Wireless > Configure > Access control and select the appropriate SSID. 
  2. Under RADIUS attribute specifying group policy name, select the attribute configured earlier. In the screenshot below, the attribute used is Filter-Id:

d120b71a-9b8a-4522-b4e4-2a798b269e24

  • Was this article helpful?