Are you going to use a RADIUS server to authenticate the user certificates?

The "Local Auth" system is only for caching responses so the system can continue to allow people on who have previously been on.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8... 

Thanks for replying Philip!

I was not going to use Radius.. What if you don't configure the certificate verification? It isn't mandatory in the config and as such, there isn't a field to enter any radius server (well, only accounting, but not mandatory as well)

With that said, in the end, with this config below in mind, the AP does not know what are the users or certificates that it needs to validate? 

This config only works when you use a RADIUS server.  It caches the RADIUS server saying to allow (or deny) access.  There there is no RADIUS server to give the response, there is nothing to cache.  Only the cache is used to say weather access is to be granted or not.

What about this? 

"Otherwise, leave the LDAP option set to Do not verify certificate with LDAP. Note that in this case, any wireless device that presents a valid certificate will be able to connect to the SSID regardless of the permissions set for that device/user."

It just seems that, if I upload the Client Certificate CA and the client certificate matches the one uploaded, the MR will accept the client, not having to previously cache anything from an external radius..

Doesn't make sense? At least it is a way to interpret the documentation about Certificate Caching/Auth. Even the