WPA2 Enterprise Profile

jared_f

Not sure if your org uses WPA2 Enterprise to have users authenticate onto your network. We have been testing it out and really like it. Our current way is just pushing our wireless credentials during DEP, but with iOS 11 and WiFi sharing we have been asked to re-evaluate our practices.

Thoughts? How are you doing it?

PhilipDAth

If you value security you want to stick with WPA2-Enterprise mode.

It is the only practical way of being able to easily prevent individual users from connecting to your network as people start and finish with your company.

MerakiDave
Meraki Employee

Generally speaking, the #1 best and common practice is WPA2-Enterprise which leverages 802.1X/EAP with a RADIUS server which in turn queries an external LDAP database (very commonly AD).  This covers everything you need with respect to AAA, mutual tunneled authentication, RBAC, and a variety of EAP types to fit various requirements, and to handle both wired and wireless use cases.  You mentioned DEP and iOS 11 so if you have it, RADIUS can also query Open Directory.  And if you're using Meraki Systems Manager you can also leverage that for things like client certificate distribution to implement EAP-TLS, without the need to stand up your own PKI or do all the cumbersome certificate management.  Anyway, definitely read up on 802.1X/EAP and RADIUS to plan out your AAA services on your network. 
