WiFi access

Solved
Adrian4
Head in the Cloud

WiFi access

Hello,

 

I am looking at improving the way end user devices connect to our internal wifi (laptops, phones, pcs etc).

I want to use a Certificate based system like EAP-TLS, however I am not sure how a brand new device would be able to get its certificate from the CA since it needs a cert to get onto wifi to contact the CA lol.


I am in the process of trying to get management to buy systems manager for us and wondered if this is something else it could do for us.

At first I wondered if it could somehow deploy the certificate before the machine joins the domain/network but then I wondered if all that would even be necessary - does systems manager have its own set of tools for managing network access?

Thanks!

1 Accepted Solution
GreenMan
Meraki Employee
Meraki Employee

As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry:   https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)

There are plenty of customers out there who only use SM, from the Meraki portfolio;   you can still provision wifi profiles and certicates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.

View solution in original post

7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal

Yes, you will need to install an agent on each device.

 

https://documentation.meraki.com/SM/Systems_Manager_Quick-Start

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Adrian4
Head in the Cloud

thanks for the link, thats very helpful!


does System Manager require a fully Meraki hardware environment? We have some sites that are all meraki but some still use older non Meraki switches (tho I'm sure we are fully Meraki when it comes to Access Points).

alemabrahao
Kind of a big deal
Kind of a big deal

The limitation will actually be the supported client devices.

 

alemabrahao_0-1709138250796.png

https://meraki.cisco.com/product-collateral/systems-manager-datasheet/?file

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Adrian4
Head in the Cloud

it just seems to talk about how well it integrates with other Meraki Networking products.

What if you dont have any meraki Hardware? Can it still be used as a standalone solution?

GreenMan
Meraki Employee
Meraki Employee

As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry:   https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)

There are plenty of customers out there who only use SM, from the Meraki portfolio;   you can still provision wifi profiles and certicates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.

Adrian4
Head in the Cloud

thanks very much!

PhilipDAth
Kind of a big deal
Kind of a big deal

Initial provisioning can be done with a wired connection or a provisioning SSID.

 

Note you can only use a single MDM on a device.

 

Microsoft Intune has recently released an interesting option, Cloud PKI.  This should work with "Local Auth" certificate authentication on the MRs (disable passwords for this configuration).

https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels