Home > Wireless LAN > Group Policies and Blacklisting > Using RADIUS Attributes to Apply Group Policies

Using RADIUS Attributes to Apply Group Policies

RADIUS attributes used with Group policies can apply custom network policies to wireless users. This can be accomplished using a RADIUS attribute, where the attribute contains the name of a group policy configured in Dashboard.

Requirements

This configuration assumes that an SSID has already been configured to perform WPA2-Enterprise authentication with RADIUS, and that one or more group policies have been created in Dashboard.

Group Policies for user groups can only be configured on an SSID that uses a local (customer-premise) RADIUS server for authentication at association time. 

 

Additionally, the RADIUS server must be configured to send an attribute along with its accept message, containing the name of a group policy configured in Dashboard (as a String). Commonly, the Filter-Id attribute will be used for this purpose. The screenshot below shows a network policy in Windows NPS, configured to pass the name of a Dashboard group policy ("LANAccess") within the Filter-Id attribute:

69c6e53b-0c3d-455e-bc1e-cc32dd0daac7

RADIUS Attribute Details

The following RADIUS attributes can be used to specify a group policy:

Dashboard Configuration

Once the above requirements have been met, the following configuration steps will associate the Dashboard group policy with the configured RADIUS attribute:

  1. Navigate to Wireless > Configure > Access control and select the appropriate SSID. 
  2. Under RADIUS attribute specifying group policy name, select the attribute configured earlier. In the screenshot below, the attribute used is Filter-Id:

d120b71a-9b8a-4522-b4e4-2a798b269e24

You must to post a comment.
Last modified
12:51, 22 Jan 2016

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community