End users WiFi Authentication - Meraki SM

Rakesh_Kumar
Here to help

End users WiFi Authentication - Meraki SM

I am looking to Automation of end user authentication to Meraki Wi-Fi. We don't have local radius and AD hence can integrated with any of these. 

I am considering Meraki SM, using SMagent to enroll windows PC and automate the Wi-Fi authentication to SSID but my concern are , Is this secure to use Smagent to enroll PC and Wi-Fi connection to SSID. 

 

can anyone advice pls ?

2 Replies 2
KarstenI
Kind of a big deal
Kind of a big deal

The Meraki Authentication uses EAP-TLS which is considered one of the most secure methods available. One drawback is that it’s only supported on wireless and not for 802.1X on the switch ports. If you want to extend the authentication to the switches you need a RADIUS server.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PaulF
Meraki Employee
Meraki Employee

Hi Rakesh

 

One of the key benefits of using both Systems Manager and MR is the Sentry capability:

 

https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview

 

This allows you to leverage certificates for authentication, that are delivered securely to devices (in fact, the private key for the cert stays on the device itself). Instead of you having to build and maintain both RADIUS and Certificate Authority infrastructure, Meraki Dashboard does this for you

 

If a device is removed from manage, we also remove the entry in RADIUS, resulting in the device not being able to authenticate against the network. And because the cert is bound to MDM, it means that if the device is unenrolled, then the certificate is removed also

 

The documentation should be self explanatory, but if you've any questions, let us know.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels