Wireless 802.1x with Users and Certificates pushed from Systems Manager

rhbirkelund
Kind of a big deal

I'm messing around a little with Systems Manager, and configuration of Wireless 802.1x profiles with certificates, and there is something I'm having difficulty in getting to work.

As a disclaimer, certificates have always seemed rather much like Voodoo to me, and I've rarely gotten things to work. So bear with my lack of understanding of it.

I have no trouble with configuring a Wireless profile for an SSID that uses PSK. But I want to provision an 802.1x wireless network with a certificate.

From my understanding it is possible to use the users that are created in Systems Manager. But I do not want to use Meraki Cloud Authentication with Sentry, as this only supports WPA2. I'm looking towards using WPA3 instead.

In order to add a certificate to the Wireless profile, there are two options; SCEP and normal Certificate. With the latter, I'll have to request a certificate for each user, add it to the profile, and create a Wireless profile for each user. This is not scalable, even for my home lab, and thus not an option.

For the SCEP option, I seem to understand that it will create a personal Certificate for each Owner, with specific properties that I set. I think this might be the way. However, I'm not quite getting there.

And then configure the SSID parameters with EAP-TLS.

On the authentication tab, I can select the SCEP certificate that I created.

Do I really also need to configure username/password? Because I seem to think that defeats the purpose of auto-gen certificate per user/owner, or even device.

I'm trying to piece together bits of Meraki Documentation, but this area seems very unclear. I'd love a full deployment guide on Wireless 802.1x with users/owners in Meraki using certificates, and not just one certificate for all.

Is it not possible to have Systems Manager create a SCEP certificate per User/Owner, and provision that certificate to the specific Owner's devices?

Additionally, is it not possible to use said SCEP certificate for authentication to a Wireless network?

I'm sure there are solutions outside of Meraki that would solve my issues, but I'm trying to keep as much within the Meraki portfolio as possible.

Help me Obi Wan Kenobi, you are my only hope!

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
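As an added example that is not part of the post or of any Meraki tooling, here is a shell check for the certificate that actually lands on a device: it mints a constructed per-user client certificate (standing in for the SCEP-issued one) and verifies the two properties an EAP-TLS authenticator needs from it, clientAuth in the EKU and the user identity inside the certificate. The lab.example domain, the email-form SAN and the function names are assumptions; it needs the openssl CLI (1.1.1 or newer for -addext).

```shell
#!/bin/sh
# Added example, not from the post or from Meraki: build a throwaway
# per-user client certificate as a stand-in for what a SCEP enrolment
# pushes to one Owner's device, then check it has what EAP-TLS needs.
# lab.example, the SAN form and the helper names are assumptions.
set -eu

WORK=$(mktemp -d)

# make_user_cert USER [EKU]: self-signed cert for one user. EKU defaults to
# clientAuth; pass serverAuth to construct a deliberately unusable cert.
make_user_cert() {
  user="$1"; eku="${2:-clientAuth}"; out="$WORK/$user.pem"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$user.key" -out "$out" \
    -subj "/CN=$user" \
    -addext "subjectAltName=email:$user@lab.example" \
    -addext "extendedKeyUsage=$eku" >/dev/null 2>&1
  echo "$out"
}

# check_eap_tls_cert CERT USER: returns 0 only when
#  - extendedKeyUsage includes clientAuth (a RADIUS server rejects a
#    supplicant certificate that is not allowed to authenticate a client), and
#  - the user identity is carried in the certificate itself (subject CN or
#    SAN), which is what makes a separate username/password unnecessary.
check_eap_tls_cert() {
  cert="$1"; user="$2"
  text=$(openssl x509 -in "$cert" -noout -text)
  printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' || return 1
  printf '%s\n' "$text" | grep -Eq "CN ?= ?$user\$|email:$user@" || return 1
  return 0
}

# Stand-alone demo: one good certificate, one with the wrong EKU.
good=$(make_user_cert alice)
bad=$(make_user_cert bob serverAuth)
check_eap_tls_cert "$good" alice && echo "alice: usable for EAP-TLS"
check_eap_tls_cert "$bad" bob || echo "bob: no clientAuth EKU, would be rejected"
```

Point the same check at a certificate exported from an enrolled device to confirm the SCEP profile's subject and SAN settings produced a per-user identity.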
Mloraditch
Kind of a big deal

I can't say for certain as we don't do it the way you are anywhere, but there are ways to do combined authentication with username and password AND certificates. It may be that those fields are there for that purpose. Does the page let you save without inputting that info?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
rhbirkelund
Kind of a big deal

Yeah, it has no problem with allowing me to save, regardless of what I configure.

alemabrahao
Kind of a big deal

Are the devices you want to connect to the wireless network tagged appropriately in Systems Manager?

Have you configured the SSID for EAP-TLS authentication?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.