Access Point Port Configuration for Wired 802.1X

ny167
Just browsing

Access Point Port Configuration for Wired 802.1X

Hello

I am looking into implementing 802.1X (Wired and Wireless) currently and am new to its implementation. From what I can see MR APs don't have supplicant support currently. I can see where we configured RADIUS on the SSIDs but am unsure how to configure the switch ports to which APs will connect. Do the ports need to be left open (no 802.1X) or do the APs need to be configured as clients on the RADIUS Server? My preference is to configure 802.1X on all wired ports.

 

Its is a full Meraki setup (MS Switch and MR APs) with Windows RADIUS Server. Switch and AP addressing is done via DHCP.

 

Thanks in Advance.

 

 

7 Replies 7
ww
Kind of a big deal
Kind of a big deal

You  can authenticate  them  on their  mac  address.

ny167
Just browsing

Thanks.

Do you mean MAB (MAC Authentication Bypass)?

 

 

ww
Kind of a big deal
Kind of a big deal

Yes,

Or the hybrid if you want just one policy

 

but i guess  a second policy will be better combined with Multi-Host 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

PhilipDAth
Kind of a big deal
Kind of a big deal

I wouldn't bother using 802.1x for the APs themselves on the MS switch ports.  There is a new feature coming along which will allow an MS to authenticate an attached MR automatically.  I'd wait for that to be released.  When?  I don't know.

GuillaumeWork
Conversationalist

Hello PhilipDAth

 

do you have any news regarding this "feature" for MR auth on MS switchport ?

is it working also for trunk ports on meraki MS switch (we are using MR in bridge mode to vlan per SSID)

generally on switches from different vendors, 802.1x is not working on trunk ports, hence i am interessed to know more on this feature

 

Thanks

Guillaume

PhilipDAth
Kind of a big deal
Kind of a big deal
RichG
Getting noticed

To add to the links Philip posted, the MR firmware required is the new GA version and the MS firmware required is in beta, so it should work now if you can run the beta MS firmware.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels