Configure Cisco Meraki
Configure Cisco Meraki wireless access points to use Okta RADIUS Server agent and EAP-TTLS.
See Cisco Meraki RADIUS integration flow for a detailed explanation of the flow between Okta, the Okta RADIUS Server agent, and Cisco Meraki..
Contact Okta Support to have EAP-TTLS support enabled for your Okta org.
Before you begin
Meet the following network connectivity requirements before you install the Okta RADIUS agent:
| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic. |
| Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, you can change this when you install and configure the RADIUS app) | RADIUS traffic between the gateway (client) and the RADIUS agent (server). |
Limitations
Enroll only a single Okta Verify device. Adding more Okta Verify devices can cause undefined or unexpected behavior.
On using MFA with Cisco Meraki
Okta doesn't recommend using MFA with EAP-TTLS. It's disabled in the Cisco Meraki RADIUS app policy by default.
While technically possible, MFA with EAP-TTLS may not work correctly due to:
- Timeout and retry configurations on the router and supplicants that cause several push requests to be sent, unless the end-user accepts the first push notification quickly.
- Roaming between access points within a zone works with static passwords works as expected, but will result in MFA re-prompts unless Pairwise Master Key caching and Opportunistic Key caching are correctly configured to prevent RADIUS reauthentication.
Typical workflow
|
Task |
Description |
|---|---|
| Download the RADIUS agent | In the Admin Console, go to Settings > Downloads. Download the appropriate Okta RADIUS Agent for your environment. For throughput, availability and other considerations, see Okta RADIUS Server Agent Deployment Best Practices. |
| Install the agent | Install Okta RADIUS Server agent on Windows |
| Configure application | Configure the Cisco Meraki Wireless LAN (RADIUS) application. |
| Configure optional settings | Optional. Configure RADIUS to return group information using vendor-specific settings. |
| Configure gateway | Use the Meraki Admin Console configuration tool to configure Cisco Meraki for RADIUS integration. |
| Configure devices | Cisco Meraki supports a number of devices include Apple, Android, and Windows devices. Configure Cisco Meraki wireless clients. |