Meraki

Adrian4 · ‎Feb 28 2024

Hello,

I am looking at improving the way end user devices connect to our internal wifi (laptops, phones, pcs etc).

I want to use a Certificate based system like EAP-TLS, however I am not sure how a brand new device would be able to get its certificate from the CA since it needs a cert to get onto wifi to contact the CA lol.

I am in the process of trying to get management to buy systems manager for us and wondered if this is something else it could do for us.

At first I wondered if it could somehow deploy the certificate before the machine joins the domain/network but then I wondered if all that would even be necessary - does systems manager have its own set of tools for managing network access?

Thanks!

GreenMan · ‎Feb 28 2024

As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry: https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)

There are plenty of customers out there who only use SM, from the Meraki portfolio; you can still provision wifi profiles and certicates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.

View solution in original post

alemabrahao · ‎Feb 28 2024

Yes, you will need to install an agent on each device.

https://documentation.meraki.com/SM/Systems_Manager_Quick-Start

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian4 · ‎Feb 28 2024

thanks for the link, thats very helpful!

does System Manager require a fully Meraki hardware environment? We have some sites that are all meraki but some still use older non Meraki switches (tho I'm sure we are fully Meraki when it comes to Access Points).

alemabrahao · ‎Feb 28 2024

The limitation will actually be the supported client devices.

https://meraki.cisco.com/product-collateral/systems-manager-datasheet/?file

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian4 · ‎Feb 28 2024

it just seems to talk about how well it integrates with other Meraki Networking products.

What if you dont have any meraki Hardware? Can it still be used as a standalone solution?

GreenMan · ‎Feb 28 2024

As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry: https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)

There are plenty of customers out there who only use SM, from the Meraki portfolio; you can still provision wifi profiles and certicates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.

Adrian4 · ‎Feb 28 2024

thanks very much!

PhilipDAth · ‎Feb 28 2024

Initial provisioning can be done with a wired connection or a provisioning SSID.

Note you can only use a single MDM on a device.

Microsoft Intune has recently released an interesting option, Cloud PKI. This should work with "Local Auth" certificate authentication on the MRs (disable passwords for this configuration).

https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

Meraki

Community

WiFi access

WiFi access