Skip to main content

Cisco Meraki RADIUS integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only you know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple solution for adding MFA to Cisco Meraki via its Radius solution.

Use this guide to configure VPN on Cisco Meraki with the Acceptto RADIUS MFA authentication solution.

Prerequisites

  • Acceptto RADIUS Agent that is configured and connected to your user directory. For example, Microsoft Active Directory (AD).

    For more information, see the Acceptto RADIUS deployment guide.

  • Cisco Meraki user account with administrative access.

Acceptto RADIUS Agent configuration

To integrate Acceptto with your Cisco Meraki, you will need to install the Acceptto RADIUS Agent on a machine within your network. This server will receive RADIUS requests from your Cisco Meraki, check with the AD server to perform primary authentication, and then contact the Acceptto cloud service for secondary authentication.

Follow these steps to configure the Acceptto RADIUS Agent.

  1. Log in to the Acceptto RADIUS Agent as an administrator.

  2. Open the radius-agent-config.env file with an editor.

    The file is located in the installed directory of RADIUS Agent. RADIUS clients are configured in this setting.

    Acceptto RADIUS agent
  3. At the end of the radius-agent-config.env file, set the following configuration for the ARA_CLIENTS attribute:

    The values should be separated by semicolons (;).

    ARA_CLIENTS = <An optional name for your Meraki>; <IP address of your Meraki>; <a shared secret>

    For example, set:

    ARA_CLIENTS = MerakiVPN;192.168.1.50/32;testing12345
    ARA_CLIENTS configuration
  4. Save the file.

  5. Run the following command to apply the changes:

    docker-compose down && docker-compose up -d

Cisco Meraki configuration

In this section, you will configure Cisco Meraki as a service provider (SP).

  1. Log in to the Meraki management console as an administrator and go to Security Appliance.

  2. Go to Configure > Client VPN.

  3. Select Enabled to enable client VPN.

  4. Set the following options to your preferred configurations:

    • Client VPN subnet

    • Hostname

    • DNS server

    • WINS server

    • Shared secret

  5. Set Authentication type to RADIUS and enter your Acceptto RADIUS Agent information following the image below:

    IPsec settings
  6. Click Save.

Test your application integration

  1. Create a L2TP VPN on your device to connect to your Meraki VPN.

  2. Enter your username and password.

    You will receive a push notification on your It’sMe mobile application to authorize access to your VPN server.

    FortiGate RADIUS its me

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.