Configure Cisco Meraki
Configure Cisco Meraki wireless access points to use Okta RADIUS Server agent and EAP-TTLS.
See Cisco Meraki RADIUS integration flow for a detailed explanation of the flow between Okta, the Okta RADIUS Server agent, and Cisco Meraki.
Contact Okta Support to have EAP-TTLS support enabled for your Okta org.
Before you begin
Meet the following network connectivity requirements before you install the Okta RADIUS agent:
| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic. |
| Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, you can change this when you install and configure the RADIUS app) | RADIUS traffic between the gateway (client) and the RADIUS agent (server). |
Okta doesn't recommend using MFA with EAP-TTLS. It's disabled in the Cisco Meraki RADIUS app policy by default.
While technically possible, MFA with EAP-TTLS may not work correctly due to:
- Timeout and retry configurations on the router and supplicants that cause several push requests to be sent.
- Roaming between access points within a zone works with static passwords works as expected, but results in MFA reprompts unless Pairwise Master Key caching and Opportunistic Key caching are correctly configured to prevent RADIUS re-authentication.
Typical workflow
|
Task |
Description |
|---|---|
| Download the RADIUS agent |
In the Admin Console, go to . Download the appropriate Okta RADIUS Agent for your environment.For throughput, availability, and other considerations, see Okta RADIUS Server Agent Deployment Best Practices. |
| Install the agent | Install Okta RADIUS server agent on Windows |
| Configure the application | Configure the Cisco Meraki Wireless LAN (RADIUS) application. |
| Configure optional settings | Optional. Configure RADIUS to return group information using vendor-specific settings. |
| Configure the gateway | Use the Meraki Admin Console configuration tool to configure Cisco Meraki for RADIUS integration. |
| Configure devices | Cisco Meraki supports several devices, including Apple, Android, and Windows devices. Configure Cisco Meraki wireless clients. |