Automatic network discovery enrollment doesn't work

Adam2104

According to this document:

https://documentation.meraki.com/SM/Device_Enrollment/Enrolling_Devices

If an iOS device is connected to a Meraki wifi network, it should be able to enroll without knowing the network ID code or the QR code, etc. I have a full Meraki stack, MS, MR, MX, and when I run the SM app on iOS 12.2 (iPhone and iPad), it doesn't detect any Meraki networks. I still have to either scan the QR code or punch in the network ID code. Is there something specific I need to configure for this to work? I've been searching for a long while and can't find anything.

BrechtSchamp

Yes. You need a Sentry Enrollment SSID:

https://documentation.meraki.com/MR/Splash_Page/Systems_Manager_Sentry_Enrollment

This is an SSID on which any device can connect to be enrolled in Systems Manager. Once it's enrolled you can use Sentry Wi-Fi to push connection details to them:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_EAP-TLS_Wireless_Authe...

Also note this:

Sentry Wifi security is not to be confused with Sentry enrollment, as shown in the splash page configuration below. Sentry enrollment is typically deployed as a separate SSID (SL-corp-onboarding in this article) to initially enroll devices into Systems Manager, while Sentry security grants secure wifi access to devices already enrolled.

Adam2104

If that's the case, then the documentation is poorly formatted. A Sentry Enrollment SSID is listed as a separate option from automatic network discovery in the link I posted. If one requires the other, why is it listed as a separate option in the list of available enrollment choices? Honestly, the description seems to suggest they are, in fact, two different options. One that forces enrollment (Sentry SSID) and one that simply makes it easier by not having to know the network ID (automatic discovery).

Nvm, I think this is indeed a separate feature that I didn't know about.

With our MacBooks, the OS keeps randomly connecting back to the Corporate-onboarding-SSID instead of the Corporate-SSID that is pushed via SM. How did you handle that?

I shouldn't have to go on each machine's network settings and prioritise the Corp-SSID...

Both SSIDs are broadcast by all APs.

Any clue?

Not a great solution, but to get around that we actually push out our Sentry or wifi creds to the computer while it is still being set up, i.e. wired directly in during the click-through macOS onboarding screens. We stop at the create an account section, and from there the profiles will get pushed. So when we hand it to a new employee, they start from that point and will automatically connect to the network.
