Guide for SM config for EAP-TLS w/ non-meraki AP?

soomeGUy
Here to help

Is there any guide or article on how to use EAP-TLS (and also PEAP MSCHAPv2) with Systems Manager devices when not using Meraki APs? I want to push out EAP-TLS certs or PEAP MSCHAPv2 credentials to all the iPads I have in SM, but it's not exactly clear how you do this in the manuals.

Also, can anyone explain SCEP and if it's useful outside of Meraki hardware? I am having trouble understanding what it's used for exactly. Could I use it with FreeRADIUS and EAP-TLS, for example?

PhilipDAth
Kind of a big deal

I have not seen anything in Systems Manager that lets you deploy your own certificates.

 

SCEP (Simple Certificate Enrollment Protocol) is a way for a device/person to easily request a certificate, have it approved in some way, and then deployed to the device.  You would have to deploy your own PKI infrastructure to make this work.


@PhilipDAth wrote:

I have not seen anything in Systems Manager that lets you deploy your own certificates.

 

SCEP (Simple Certificate Enrollment Protocol) is a way for a device/person to easily request a certificate, have it approved in some way, and then deployed to the device.  You would have to deploy your own PKI infrastructure to make this work.


In Systems Manager you can install a "credential" setting which appears to allow you to install a certificate, but since the documentation for this is non-existent I am not sure.

How else are you supposed to use WPA2-Enterprise TLS if you can't send certificates?

PhilipDAth
Kind of a big deal

I've only ever done it using Windows machines, which allows you to do it via group policy.

 

If you are using PEAP/MSCHAPv2 and you use a public certificate on your RADIUS server (that matches its domain) then you don't need to deploy any certificates to devices,
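
As an added illustration of how SCEP and EAP-TLS fit together on iPads (not code from any poster in this thread or from Meraki): the Python below builds an Apple configuration profile in which a SCEP payload obtains the client certificate and the Wi-Fi payload references it, then audits that linkage and the pinned RADIUS server name. The SSID, SCEP URL, RADIUS name and payload identifiers are constructed placeholders, and it assumes the MDM in use can deliver a custom profile.

```python
import plistlib
import uuid

EAP_TLS = 13  # EAP method number for EAP-TLS
IDENTITY_TYPES = ("com.apple.security.scep", "com.apple.security.pkcs12")


def _payload(ptype, ident, **keys):
    """Common keys every payload carries, plus the type-specific ones."""
    return {"PayloadType": ptype, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()), "PayloadVersion": 1, **keys}


def build_profile(ssid, scep_url, radius_name):
    """SCEP identity payload plus a Wi-Fi payload that uses it for EAP-TLS."""
    scep = _payload("com.apple.security.scep", "example.scep", PayloadContent={
        "URL": scep_url,                            # constructed placeholder
        "Subject": [[["CN", "ipad-placeholder"]]],  # constructed subject
        "Key Type": "RSA", "Keysize": 2048})
    wifi = _payload("com.apple.wifi.managed", "example.wifi",
        SSID_STR=ssid, EncryptionType="WPA2",
        PayloadCertificateUUID=scep["PayloadUUID"],  # client cert comes from SCEP
        EAPClientConfiguration={"AcceptEAPTypes": [EAP_TLS],
                                "TLSTrustedServerNames": [radius_name]})
    top = _payload("Configuration", "example.profile",
                   PayloadDisplayName="EAP-TLS Wi-Fi (constructed example)",
                   PayloadContent=[scep, wifi])
    return plistlib.dumps(top)


def audit(profile_bytes):
    """Return the problems found in the profile's Wi-Fi payloads."""
    payloads = plistlib.loads(profile_bytes)["PayloadContent"]
    identities = {p["PayloadUUID"] for p in payloads if p["PayloadType"] in IDENTITY_TYPES}
    problems = []
    for p in payloads:
        if p["PayloadType"] != "com.apple.wifi.managed":
            continue
        eap = p.get("EAPClientConfiguration", {})
        if EAP_TLS in eap.get("AcceptEAPTypes", []) and \
                p.get("PayloadCertificateUUID") not in identities:
            problems.append("EAP-TLS without an identity payload")
        if not eap.get("TLSTrustedServerNames"):
            problems.append("RADIUS server name not pinned")
    return problems
```

An empty list from `audit` means every EAP-TLS Wi-Fi payload points at an identity payload in the same profile and names the RADIUS server it will trust.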
