Enabling two factor authentication for client in MR36

SLT-Meraki
Conversationalist

Enabling two factor authentication for client in MR36

Hi friend,

 

I have meraki MR36 wireless network. I want to know that how to enable two factor authentication for wifi client.

4 REPLIES 4
Brash
Head in the Cloud

MFA for wifi auth is doable via WPA2 Enterprise and a radius server that supports MFA integration.

 

That said my experience is that MFA is rarely used for this as it can is it creates a poor user experience. MFA will be required every time a user reauths. For some laptops, this can include being woken up from lock or sleep (when it goes into low power mode). Also anyone who is on the fringe of the wifi range and encounters disconnects may keep getting requests for reauth.

Brash
Head in the Cloud

I should clarify that here I'm talking about 2FA via authenticator apps such as Google Authenticator or Duo.

Multi Factor Authentication can actually be achieved in other ways such as certificates and/or AD device/user security groups (via a radius server)

GIdenJoe
Kind of a big deal

So everytime you have a slow roam or a timeout you want to open up your authenticator app just to stay on the Wi-Fi.  Like Brash said, your client experience will be horrible.  Just don't do it.

alemabrahao
Kind of a big deal

I think MFA on Wifi is unnecessary, If you have policies well defined and limit access on your network It's enough.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels