Meraki SM and Aruba ClearPass

JP83
Comes here often

Meraki SM and Aruba ClearPass

Hello.

 

We are switching our wireless infrastructure to Aruba APs and their ClearPass access control.

 

What's the most secure way to get all of our iPads connected to our Wi-Fi network?  We've been trying to do push out Wi-Fi settings using certificate authentication but have been unsuccessful.

 

Any ideas, suggestions or help would be greatly appreciated!

 

Thank you!

 

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

Using 802.1x is enough.

 

I also suggest you open a support case with both Meraki anda Aruba.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ammahend
Building a reputation

most people would use some kind of MDM for this kind of work, JAMF is well known for Apple devices, you can also consider exploring Meraki Systems Manager, you can use for free trial up to 100 devices. (not any more, thanks for correction @PhilipDAth )

typically what you would do is create a provisioning SSID which can be open or MAB, connect iPads to the network and provision devices for 802.1X with PEAP or EAP-TLS,  if you don't want to get into hassle of certificate management you can use single cert for all (not recommended, but if you are short staffed) . once provisioned devices will disconnect from open and will connect to secure SSID, once all provisioning is done disable open SSID.

PhilipDAth
Kind of a big deal
Kind of a big deal

>you can use for free trial up to 100 devices.

 

Not any more.  😞

https://documentation.meraki.com/SM/Other_Topics/Meraki_SM_Legacy_and_Free_100_Retirement_FAQ 

PhilipDAth
Kind of a big deal
Kind of a big deal

>We are switching our wireless infrastructure to Aruba APs and their ClearPass

 

This is a Cisco Meraki forum ... perhaps try an HPE forum?

PaulF
Meraki Employee
Meraki Employee

The easiest way would be to use Meraki WiFi and Systems Manager and spend 15 seconds, yes, SECONDS deploying certs to all of your devices, utilising the built in PKI and RADIUS in Meraki Dashboard

 

But, as you're not doing that, so....

 

1. Create a new Setting (Systems Manager > Settings > Add profile)

2. Give is a name

3. Add a certificate payload: You'll have to reach out to ClearPaass to work out what type, either dynamic or static

4. Add a wifi payload to the same setting, and configure the various 802.1x options under Security > WPA2 Enterprise > Protocols / Authentication / Trust

5. Under Authentication > Identity Certificate, choose the SCEP / Cert payload you created earlier

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels