Cisco Meraki

Cisco Meraki integration is based on the iPSK without RADIUS feature, with support of Wi-Fi Personal Network (WPN) capabilities. It also relies on Group Policies to differentiate Tenant services (such as VLAN and bandwidth).

Cusna relies on iPSK without RADIUS and WPN is supported only on MR devices with 29.4.1+ firmware. However, to benefit form the possibility to manage up to 5,000 iPSK per SSID, you need to use firmware versions MR 30.1 and newer.

All APs in your network must be Wi-Fi 5 Wave 2 (MR20, MR30H, MR33, MR42, MR42E, MR52, MR53, MR53E, MR70, MR74. MR84), Wi-Fi 6 (MR28, MR36, MR36H, MR44, MR46, MR46E, MR56, MR76, MR78, MR86, MR45/55), Wi-Fi 6E (MR57, CW9162I, CW9164I, CW9166I) or newer.

Meraki setup

Each Location in Cusna is associated to a Network in the Meraki dashboard.

  1. Create a Network in Meraki as described in the official Meraki documentation.

  2. Next, you need to create an SSID configured to support iPSK. Navigate to Wireless > Configure > SSIDs, enable an SSID from the list and rename it with your desired network name, e.g. "Tenant WiFi". Click Save Changes at the bottom of the page.

  3. On the desired SSID, click "edit settings" link to navigate to the Access Control page for this SSID.

  4. On the Access control Page, Select Identity PSK without RADIUS under Security and click on Add an Identity PSK

  5. Configure a name and passphrase; select a group policy.

  6. Set Wi-Fi Personal Network (WPN) to Enabled

  7. Click Save changes on the bottom of the page.

Cusna setup

To connect Cusna to your Meraki account, you need to generate an API Key in your Meraki account:

  1. Navigate to Organizations > Settings.

  2. Ensure the option Enable access to the Cisco Meraki Dashboard API is enabled.

  3. Navigate to your profile by clicking your account email address in the upper-right > My profile to generate the API key.

  4. Save this key in a secure location as it represents your admin credentials.

Once the key is generated from the Cisco Meraki dashboard:

  • Log in to your Cusna account and click Setting.

  • Expand the WiFi setup card, select Meraki and enter your API Key.

  • The Organization menu will load the list of Meraki Organizations enabled on your API Kay; select the Organization that you want to link to your Cusna account.

  • Click Save.

Next, you need to setup at least one Network Policy. Once you have set up the Meraki integration, the Network Policy section appears.

pageNetwork Policies

When using Meraki, Cusna does not allwo to manually or automatically set the VLAN on the individual tenant, since the VLAN is handled by the assigned Group Policy.

Operating Cusna

Creating Location

When you create or edit a Property in the Cusna dashboard, in the WiFi configuration section, you have to pick the Network and SSID related to the Location and the Network Policy you want to assign by default to the new tenant accounts (you can select a custom Network Policy while creating a new Tenant)

Note: when selecting the SSID, Cusna verifies in real-time if the SSID is properly configured with work with iPSK without RADIUS and the other settings required by Cusna. If not compliant, you'll see a notification message. You can still select the SSID and save the Location and fix the SSID configuration later or.

Managing Units

Meraki support Cusna Units management, where each unit can be associated with a Wired access point. Cusna configure the ETH ports to be in the same personal area network as the device connecting with the iPSK of the Account associated to the Unit.

This feature is currently supported only on MR36H

pageUnits

Creating Accounts

When you create a new Account, a new iPSK user will be created in your Meraki account with a predefined WiFi Passphrase.

In the Account setup page, you need to chose a Network Policy to assign to the user in the related menu. Select "Default" to assign the Network Policy that has been selected as the default one for the Location where you are activating the Account

The Account of type Tenant and Visitors receive an activation email with the default passphrase and QR code, and a link to the Tenant Portal where can change the passphrase.

To avoid synchronization problems, please do not manage manually the iPSKs in the Meraki dashboard.

Meraki WPN Limitations

  • 5,000 iPSK groups per SSID and 2x SSIDs with WPN enabled per dashboard network are supported.

  • Wireless devices connected to a WPN-enabled SSID cannot communicate with wired devices on the same VLAN (L2 domain) except for the default gateway.

  • Wireless devices connected to a WPN-enabled SSID can communicate with wired devices on a different VLAN through L3 routing.

  • Meraki AP assigned (NAT mode) is not supported on an SSID with WPN enabled. External DHCP server assigned mode must be used instead.

  • Wired AP ports using port profiles do not support WPN.

Last updated