Home > Security Appliances > Other Topics > MX and Z1 Source IP for RADIUS Authentication

MX and Z1 Source IP for RADIUS Authentication

Table of contents
No headers

Wireless-capable MX or Z1 devices have the option to authenticate wireless users with a RADIUS server. If this RADIUS server exists on the other side of a VPN tunnel, it will be important to note which IP address the MX/Z1 will use when sending its Access-request messages. This article explains how to determine the source IP address used by a wireless-capable MX or Z1 for RADIUS authentication.
 

The MX and Z1 use the Appliance LAN IP of the highest-numbered VLAN that is included in the VPN as the source address to reach the RADIUS server located on the other side of the VPN tunnel. In the example below, we have an MX60W configured with 2 VLANs 10 and 20, and an SSID named “PARIS” configured for “My RADIUS SERVER” authentication. Please notice that the SSID's VLAN Assignment is set to default(10):

a9b41681-dae4-4deb-a19d-8eb001affefc

 

The following figure illustrates the SSID which has been configured to use VLAN 10 and Authentication type "My RADIUS server".

In Dashboard, under Security Appliance/Teleworker Gateway > Configure > Wireless  > SSID 1:

2d929ec0-3ee8-448c-93c0-887cd4f1ce06
 

NPS server logs can be referenced to observe which IP the RADIUS request is sourced from. The following figure illustrates how the MX60W in this case is using 192.168.51.1 (VLAN 20 - Appliance LAN IP) as the source IP to reach the RADIUS server:

a4ff27c0-0f5b-4f29-981c-b8fe52406f5b

 

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1400

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community