Hello
I am looking into implementing 802.1X (Wired and Wireless) currently and am new to its implementation. From what I can see MR APs don't have supplicant support currently. I can see where we configured RADIUS on the SSIDs but am unsure how to configure the switch ports to which APs will connect. Do the ports need to be left open (no 802.1X) or do the APs need to be configured as clients on the RADIUS Server? My preference is to configure 802.1X on all wired ports.
Its is a full Meraki setup (MS Switch and MR APs) with Windows RADIUS Server. Switch and AP addressing is done via DHCP.
Thanks in Advance.
You can authenticate them on their mac address.
Thanks.
Do you mean MAB (MAC Authentication Bypass)?
Yes,
Or the hybrid if you want just one policy
but i guess a second policy will be better combined with Multi-Host
https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
I wouldn't bother using 802.1x for the APs themselves on the MS switch ports. There is a new feature coming along which will allow an MS to authenticate an attached MR automatically. I'd wait for that to be released. When? I don't know.
Hello PhilipDAth
do you have any news regarding this "feature" for MR auth on MS switchport ?
is it working also for trunk ports on meraki MS switch (we are using MR in bridge mode to vlan per SSID)
generally on switches from different vendors, 802.1x is not working on trunk ports, hence i am interessed to know more on this feature
Thanks
Guillaume
To add to the links Philip posted, the MR firmware required is the new GA version and the MS firmware required is in beta, so it should work now if you can run the beta MS firmware.