Header Only - DO NOT REMOVE - Extreme Networks
Question

Meraki MR AP's Integration with AVAYA IDE RADIUS

  • 29 July 2019
  • 8 replies
  • 330 views

Hi there,

We are adding 20 Meraki MR45 APs beside 40 existing AVAYA Wirelss APs ; however, the client currently is using Avaya Identity Engines Ignition Server IDE (RADIUS) which performs authentication and identity services. Unfortunately under authenticator details, I can't find Meraki under "Vendor" drop menu (Cisco is there)...

Is there a way to confirm that Meraki MR 45 will be authenticated via AVAYA RADIUS ?


8 replies

Quick response. You can always add a new vendor and new selection of attribute value pairs specific to that vendor under the Vendors listing. Meraki may simply not have been included in the default selection available in any shipping Ignition release.

Please see GTAC KB https://gtacknowledge.extremenetworks.com/articles/How_To/000037372 for an example on how to add another vendor to Ignition. In this case, this was adding now ExtremeWireless IdentiFi to Ignition releases prior to 9.5.x (where they were included by default).

You will have to obtain the RADIUS dictionary from your vendor and their numerical vendor ID.
Thanks so much for your reply!

Would you please elaborate on what's the RADIUS dictionary and how to find the vendor numerical ID?

(I've contacted Meraki support but they didn't get what's the RADIUS dictionary & vendor ID)

Will this link below helps:

http://www.adminsub.net/mac-address-finder/meraki
That would be a question for your vendor, Meraki (aka Cisco). You can also likely find this information from Google searching for Meraki API / RADIUS dictionary as these are common search terms for any given vendor.

Identity Engines provides you the flexibility / capability to add in any new vendor or RADIUS attributes for use with the appliance. It would be a matter of obtaining the correct information and adding those attributes, if they don't already exist, to Ignition --- similar to the article I had provided.
Thanks for your reply!

I'm trying to test the setup in my home server (I've got Meraki AP) and I just downloaded IDE ignition server 9.3.2. & Dashboard.
The only issue here is that I can't get the demo/trial license (30 days) for the IDE . I have requested the demo license and they said that someone will contact me but unfortunately I've heard nothing from them.

Could you please help to get the demo license ?
BlacKnight - while trial licenses for Identity Engines Ignition server are available, they are only available to customers on request who have a valid support contract who require them for specific scenarios/purposes.

They are no longer provided freely.

You may make a request datalicensing@extremenetworks.com. Who is 'they'?
Who is 'they'?

The sales representative

Thank you.

Please note that Identity Engines is now end of sale as of December 2018 so it is very likely a demo request would not be honored making the request via the portal in this manner.

Please reach out to the email address provided.
Thanks so much Robert for your help!

Unfortunately, there is no respond from the email address you provided.
I've been contacting Meraki support in order to get the required info for RADIUS attribute Files: (RADIUS VSA Name/ Attribute Type) and vendor ID for Meraki MR

We are going for live deployment in two days; and I can't risk it if the AVAYA IDE RADIUS doesn't accept Cisco vendor for Meraki.

This is the last message from Meraki support :

" think you'll probably have to create a custom device template in the Avaya IDE. I haven't tested with any of this so I can only try to point you in the right direction.

You should know that for dynamic VLAN assignment and group policy assignment Meraki expects the RADIUS server to use any of these four fields (you can configure which one it's actually sending):
https://yuzje69629.i.lithium.com/t5/image/serverpage/image-id/8709iB0E81EC5044A9F05/image-size/large?v=1.0&px=999

The following page also provides details about these from a numeric perspective:
https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId...

See if you can figure out a way to have Avaya IDE send one of these."

and

"I don't think Meraki has its own Vendor ID. As I posted before it integrates nicely with third party RADIUS servers and works with multiple fields from multiple vendors. You just need to configure which field your RADIUS is going to send to the authenticators (in this case the APs)."

Reply