Centralised Authentication, Authorization, and Accounting (AAA) in networks is facilitated by the RADIUS (Remote Authentication Dial-In User Service) protocol, which is extensively utilised for VPNs and Wi-Fi. But there is no security when using UDP with standard RADIUS.

Using TCP and creating secure TLS (Transport Layer Security) connections, RadSec (RADIUS Security) improves RADIUS. User credentials are shielded from interception and manipulation by this encrypted and secure transmission method.

For today’s sophisticated networks, RadSec is perfect since it not only increases security but also dependability and scalability. Through the combination of strong security and dependable data transfer, RadSec adoption enhances network access management.

How to configure RadSec in Meraki Dashboard?

Meraki Dashboard configuration if you are using Microsoft CA

Login to your organisation from the dashboard navigate to Orgnisation > Configure > Certificates > Upload Certificates
Your internal CA Root Certificate has to be uploaded here. Open the certificate services using the URL https://URL_TO_YOUR_CA/CertSrv if you are using Microsoft CA.
Click on download CA Root Certificate
Now upload this to your Meraki Dashboard

Creating Meraki Org CA certificate and Uploading it to your Radius Server

Generate Meraki CA server certificate
After generating you have to trust the Meraki CA certificate and download it to upload to your local Radius server
Now login to your Microsoft Radius Server and import the Meraki Root CA certificate. More details on how to manually import Root certifcates on a server can be found here https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/install-imported-certificates
When the import process is finished, the Meraki Root certificate should appear in the Radius server’s trusted root certificates.
Now enable radsec for your Radius server configuration
You can even run a quick dashboard test to validate that the authentication is working.