WiFi access

Solved
Adrian4
Head in the Cloud

Hello,

I am looking at improving the way end user devices connect to our internal wifi (laptops, phones, PCs, etc.).

I want to use a certificate-based system like EAP-TLS; however, I am not sure how a brand new device would be able to get its certificate from the CA, since it needs a cert to get onto wifi to contact the CA lol.


I am in the process of trying to get management to buy Systems Manager for us and wondered if this is something else it could do for us.

At first I wondered if it could somehow deploy the certificate before the machine joins the domain/network, but then I wondered if all that would even be necessary - does Systems Manager have its own set of tools for managing network access?

Thanks!

alemabrahao
Kind of a big deal

Yes, you will need to install an agent on each device.

https://documentation.meraki.com/SM/Systems_Manager_Quick-Start

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Adrian4
Head in the Cloud

Thanks for the link, that's very helpful!

Does System Manager require a fully Meraki hardware environment? We have some sites that are all Meraki, but some still use older non-Meraki switches (though I'm sure we are fully Meraki when it comes to access points).

alemabrahao
Kind of a big deal

The limitation will actually be the supported client devices.

https://meraki.cisco.com/product-collateral/systems-manager-datasheet/?file

Adrian4
Head in the Cloud

It just seems to talk about how well it integrates with other Meraki networking products.

What if you don't have any Meraki hardware? Can it still be used as a standalone solution?

GreenMan
Meraki Alumni (Retired)
Accepted Solution

As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry: https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)

There are plenty of customers out there who only use SM from the Meraki portfolio; you can still provision wifi profiles and certificates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.

Adrian4
Head in the Cloud

Thanks very much!

PhilipDAth
Kind of a big deal

Initial provisioning can be done with a wired connection or a provisioning SSID.

Note you can only use a single MDM on a device.

Microsoft Intune has recently released an interesting option, Cloud PKI. This should work with "Local Auth" certificate authentication on the MRs (disable passwords for this configuration).

https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8... 

NetworkCcie
Conversationalist

Check out this solution:

Meraki Access Manager + Cloud PKI


https://www.hypershift.com/blog/meraki-intune-cloud-pki

Adrian4
Head in the Cloud

Very exciting!

Although that guide, and what I can see in dashboard, seems to be that it's only for use with a cloud CA, rather than that just being an option?

atm I'd like to just get it to handle RADIUS for us and use our on-prem certificate server to handle Windows client requests.

I would like to bring Intune and SCEP later for mobile devices, but they would still be using our on-prem server... but that's a later thing.
