MR EAP Support

SOLVED
FlyingFrames
Getting noticed

MR EAP Support

Can Meraki APs themselves be authenticated with a RADIUS server using any EAP method e.g. EAP-TLS or PEAP?

 

Or this question does not exist with Meraki since each AP is automagically authenticated due to being in the correct org in Meraki dashboard?

1 ACCEPTED SOLUTION
Brash
Kind of a big deal
Kind of a big deal

Clients connecting to the AP can be authenticated by RADIUS, but the AP's themselves are authenticated to the organisation and configured when connecting to the Meraki cloud.

 

That said, if you're looking to authenticate Meraki devices on the network, you can look at enabling Secure Connect.

SecureConnect - Cisco Meraki

View solution in original post

3 REPLIES 3
Brash
Kind of a big deal
Kind of a big deal

Clients connecting to the AP can be authenticated by RADIUS, but the AP's themselves are authenticated to the organisation and configured when connecting to the Meraki cloud.

 

That said, if you're looking to authenticate Meraki devices on the network, you can look at enabling Secure Connect.

SecureConnect - Cisco Meraki

MarcP
Kind of a big deal


@FlyingFrames wrote:

Can Meraki APs themselves be authenticated with a RADIUS server using any EAP method e.g. EAP-TLS or PEAP?

 

Or this question does not exist with Meraki since each AP is automagically authenticated due to being in the correct org in Meraki dashboard?


"Automagically" - Great 😄 😄 😄

Troyco
Conversationalist

As much as I've known that Meraki does not support Dot1X to do AP authentication, that is really annoying from a secure edge scenario, especially when using Cisco switching (and furthermore when Cisco AP support Dot1x)

Why does Meraki not support this...

Saying this, we have also had issues with Cisco AP's doing Dot1x auth to switchports that fail when the port is configured as a trunk

 

The one thing you can look at if you have ISE is to use MAB and profiling to identify it as a Meraki AP, however there is a catch, from the little I've been looking into this so far there is no unique identifier (i.e. certificate detail) you can get from the AP to truly trust it.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels