Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enabling two factor authentication for client in MR36

SLT-Meraki
Conversationalist
‎Sep 29 2022 8:15 PM
‎Sep 29 2022 8:15 PM

Enabling two factor authentication for client in MR36

Hi friend,

 

I have meraki MR36 wireless network. I want to know that how to enable two factor authentication for wifi client.

0 Kudos
Subscribe
4 Replies 4
Brash
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 8:35 PM
‎Sep 29 2022 8:35 PM

MFA for wifi auth is doable via WPA2 Enterprise and a radius server that supports MFA integration.

 

That said my experience is that MFA is rarely used for this as it can is it creates a poor user experience. MFA will be required every time a user reauths. For some laptops, this can include being woken up from lock or sleep (when it goes into low power mode). Also anyone who is on the fringe of the wifi range and encounters disconnects may keep getting requests for reauth.

0 Kudos
Subscribe
In response to Brash
Brash
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 8:38 PM
‎Sep 29 2022 8:38 PM

I should clarify that here I'm talking about 2FA via authenticator apps such as Google Authenticator or Duo.

Multi Factor Authentication can actually be achieved in other ways such as certificates and/or AD device/user security groups (via a radius server)

0 Kudos
Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Sep 30 2022 9:17 AM
‎Sep 30 2022 9:17 AM

So everytime you have a slow roam or a timeout you want to open up your authenticator app just to stay on the Wi-Fi.  Like Brash said, your client experience will be horrible.  Just don't do it.

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 30 2022 10:46 AM
‎Sep 30 2022 10:46 AM

I think MFA on Wifi is unnecessary, If you have policies well defined and limit access on your network It's enough.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.