Hello I am hoping that someone may be able to help me understand if an idea is possible with 802.1x authentication via a single SSID.
My aim: to 802.1x authenticate corporate machines/users via a certificate so they are not required to enter details when using a corporate issued device (laptop/smartphone etc…), but if the device is not a corporate they are use our current off site RADIUS server solution to authenticate via 802.1x username & password.
First of all is this possible? So if a certificate is available on the device, if will authenticate locally and a policy set to allow native LAN as per wired clients, and if there is no certificate, they will be forwarded onto our 3rd party hosted RADIUS server with user entered credentials and user the Meraki “VPN: tunnel data to a concentrator” back to our MX in our DMZ so guests can still have internet access, while being isolated from our corporate data.
We want to continue to use our 3rd party RADIUS server as this is shared service with other partner company’s etc…
Secondly how would be go about this?