Many organizations have an existing user authentication or directory server that they would like to use to control access to the wireless LAN. Any type of authentication server with a RADIUS interface can be integrated with Splash Access an the Meraki wireless network. The Meraki cloud allows an administrator to configure multiple RADIUS servers for failover.
When an externally hosted RADIUS server is used with MAC-based access control though Splash Access , the Meraki APs must be able to reach the RADIUS server. The Meraki cloud offers a test tool that enables an administrator to verify connectivity of all of the Meraki APs to the RADIUS server, and to check a particular set of user credentials against the RADIUS server.
RADIUS attributes used with Group policies can apply custom network policies to wireless users. This can be accomplished using a RADIUS attribute, where the attribute contains the name of a group policy configured in the Meraki and Splash Access Dashboard.
The RADIUS server must be configured to send an attribute along with its accept message, containing the name of a group policy configured in Dashboard (as a String). Commonly, the Filter-Id attribute will be used for this purpose. The screenshot below shows a network policy in Windows NPS, configured to pass the name of a Dashboard group policy (“LANAccess”) within the Filter-Id attribute:
The following table describes what rules, restrictions, and other settings can be controlled via group policy on each platform. Only features that are available for the network will be displayed when configuring a group policy.
|MR Access Points||MX or Z1 with Enterprise License||MX with Advanced Security License|
|Per-client bandwidth limit||✔||✔||✔|
|Splash page authorization||✔|
|Layer 3 firewall rules||✔||✔||✔|
|Layer 7 firewall rules||✔||✔||✔|
|Traffic shaping rules||✔||✔||✔|