cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LAN Wireless with Meraki Radius Login

SOLVED
Here to help

LAN Wireless with Meraki Radius Login

Dear,

 

it`s possible make an SSID based on MAC adress access control with meraki radius log in?.

i try to make this by the meraki administration and i´m not allowed. 

 

Regards!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: LAN Wireless with Meraki Radius Login

I suggest you investigate using System Manager to facilitate implementing access security without relying on MAC addresses. This will avoid the use of shared passwords

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
13 REPLIES 13
Kind of a big deal ww
Kind of a big deal

Re: LAN Wireless with Meraki Radius Login

no

Here to help

Re: LAN Wireless with Meraki Radius Login

Ok,

 

and if I want to generate a ssid with mac adress and some additional security what options do I have left?

 

Thanks!

Kind of a big deal

Re: LAN Wireless with Meraki Radius Login


@CarOneAdmin wrote:

Dear,

 

it`s possible make an SSID based on MAC adress access control with meraki radius log in?.

i try to make this by the meraki administration and i´m not allowed. 

 

Regards!


For the purpose you describe, MAC addresses are about as reliable as chocolate teapots. Better to use a certificate based system. Junior school kids know how to spoof MAC addresses.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Here to help

Re: LAN Wireless with Meraki Radius Login

Agreed. Switch to certificate based for access that way if they do not have the certificate installed they will not connect. MAC spoofing is easy so all they need to do is find and existing client, spoof that address and still connect.


T Roberts
A+, Network+, MCP, Dell and CMNO
Here to help

Re: LAN Wireless with Meraki Radius Login

Tmroberts,

 

Thanks! i want to avoid the future troubles on this future SSID (Enterprise LAN WIFI), thats is the reason of my cuestion.

is possible duplicate the security on a SSID with meraki radius?  i want to avoid the user & password sharing!

 

Regards!

Kind of a big deal

Re: LAN Wireless with Meraki Radius Login

Have a look at this for starters - 

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Certificate-based_WiFi_authenticat...

 

Check if it meets your needs. There are plenty of people on this forum who have in depth experience of this. To date my use of certs is a little different but I am contemplating switching to this general method.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Here to help

Re: LAN Wireless with Meraki Radius Login

Uberseehandel,

 

Thanks for the comment, This configuration its very useful to me and for this proyect.

I have set meraki with this configuration and I feel a little closer than what I need.

but i need to make this more closed & restrict not allowed devices.

 

 

MERAKI RESTRICTIONS.PNG

 I need something more to only accept devices of my trust. For that i have been thinking on the security based on mac adress, but how i have listen on this forum its easy the mac adress spoofing now i am some lost but more close to my objective thanks to you and this forum.

 

Regards!

 

Highlighted
Kind of a big deal

Re: LAN Wireless with Meraki Radius Login

I suggest you investigate using System Manager to facilitate implementing access security without relying on MAC addresses. This will avoid the use of shared passwords

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Here to help

Re: LAN Wireless with Meraki Radius Login

Uberseehandel,

 

thanks for the help & support! 

 

Regards.

Here to help

Re: LAN Wireless with Meraki Radius Login

Thank you Uberseehandel,

How you see i am a rookie on this.
so if the best option is meraki radius?
its impossible suffer an external attack with this only type of security?

Regards!
Kind of a big deal

Re: LAN Wireless with Meraki Radius Login

Why don't you use Meraki hosted auth? This will allow you to implement 802.1x auth on the SSID without needing to use MAC based auth and not need an external RADIUS server. See here for how this is set up in Dashboard: https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Cloud_Hosted_Authentication

MRCUR | CMNO #12
Here to help

Re: LAN Wireless with Meraki Radius Login

MRCUR,

 

Yes. i am using meraki hosted auth. But my question it`s how i can avoid the user & password sharing.

i want only 10 machines with windows 10 connected to this SSID without the capacity of connect from another device.

Maybe exist a way of set the meraki configuration to the user can log one time at one device and with this

try to not suffer an external attack (this is my afraid)

 

Regards.

Kind of a big deal

Re: LAN Wireless with Meraki Radius Login


@CarOneAdminwrote:

MRCUR,

 

Yes. i am using meraki hosted auth. But my question it`s how i can avoid the user & password sharing.

i want only 10 machines with windows 10 connected to this SSID without the capacity of connect from another device.

 

.......

Only 10 devices, have you considered JumpCloud - Directory as a Service ?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.