We have lots of MR42's and would like to control access to WIFI by using WPA2 & MAC based authentication(non meraki).
We have 1000 staff + a lot of customer devices. These devices constantly change and some don't belong to the organisation. To minimize support overhead and interruption/setup time for customers we would like to just take their MAC add and Whitelist it on a radius solution. MS Radius/MAC is not a great solution you need to create ad accounts constantly it's a pain..
Has anyone any experience of achieving this, or can suggest a good radius solution?
For a basic level of "users on boarding process" Meraki Radius seems to be fine.
Any how you need to manually type in the MAC Address in either of the solutions.
In-case of Meraki you can specify the desired policy on the device while adding them on to the Dashboard.
Screenshot attached for reference.
For a better functionality you may consider Cisco ISE.
Thanks for the reply. I should have stated more clearly, we won't use Meraki MAC authentication, the reason being it doesn't work for us, it breaks constantly and support can't figure it out. I have a post for this too - https://community.meraki.com/t5/Wireless-LAN/WIFI-MAC-Whitelisting-breaks/m-p/35589#M5627
I was hoping someone could suggest a good radius solution(IE not MS or Meraki)
I have not faced "Whitelisting Policy" not working with Meraki Wireless.
I did faced Group Policy issues in Meraki Wireless + Appliance network which was shorted out later.
I never got an opportunity to Manage 1000+ WiFi user base though.
If not ISE / MS you may consider FreeRadius / MikroTik.
You may start with http://www.freeradius.net/. Install it on a Windows Machine and check if a Radius solves the issue.
However Lets wait for some more suggestion from Community Members.
There's a number of Identify solutions that can do this. Aruba ClearPass, FreeRadius, Cisco ISE. Me personally, I've used ClearPass in a former life and was always happy with it. I have a basic FreeRadius server in my lab that does the trick, but I'm not doing anything fancy on that.
Thanks for the reply @jdsilva
I'm hoping to find a solution that will be easy for our Helpdesk to administer. I'm hoping that they can just take a MAC from a customer and pop it in a test file or GUI to authenticate the end users device. Do you know which solution might fit this use best?
I am setting up free radius now to see how works.
If you don't mind using the command line, it is hard to go past FreeRadius for this requirement. Otherwise I'd go for Cisco ISE.
I'll second FreeRadius and ISE although ISE is probably way more than you need for this. Might be moot point, but when adding MAC addresses using the Add Client drop-down, I believe you can populate up to 3,000 clients at a time, assuming you have them in a spreadsheet for example. But agree with the others it's cumbersome to manage tons of constantly-changing MAC addresses regardless of the solution!