Configuring Cisco Meraki Wi-Fi SSID Authentication Using Intune-Deployed Certificates (No RADIUS)

MG91
New here


Hello Meraki Community,

 

We are currently planning a serverless environment hosted in Azure and are using Intune as our Mobile Device Management (MDM) solution. We aim to configure Wi-Fi authentication for our corporate SSID on Cisco Meraki APs without using a RADIUS server.

 

Our specific requirements are as follows:

 

  1. Goal: Allow clients to connect to the corporate Wi-Fi SSID without manually entering a password. Instead, authentication should rely on a certificate deployed to the devices through Intune.
  2. Environment:
    • Cloud Platform: Azure
    • MDM Solution: Microsoft Intune
    • Wi-Fi Infrastructure: Cisco Meraki Access Points
  3. Constraints: We want to avoid setting up a RADIUS server and are seeking a serverless approach.

 

Questions:

  1. Is it possible to configure Meraki APs to authenticate Wi-Fi clients solely based on client certificates without involving a RADIUS server?
  2. If yes, what are the steps or best practices to achieve this?
  3. Does Meraki support any native certificate-based authentication mechanisms in a serverless configuration?
  4. Are there specific configurations in Intune or Meraki that need attention to streamline this setup?

 

Any guidance, insights, or shared experiences would be greatly appreciated.

Thank you in advance for your support!

2 Replies
JustinH
Here to help

I don't have the book in front of me, but "Securing Enterprise Networks with Cisco Meraki" would be worth a look to see if there's information about how to accomplish this within that book.  I'm lucky in that this book is available for check out in my local public library, so it's worth a look to see if it is at your library as well.

PhilipDAth
Kind of a big deal

>Is it possible to configure Meraki APs to authenticate Wi-Fi clients solely based on client certificates without involving a RADIUS server?

 

Yes.  You use local authentication mode, set to certificate authentication.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

 

>If yes, what are the steps or best practices to achieve this?

 

You'll need to subscribe to Cloud PKI.  There is a long thread here about doing it:
https://community.meraki.com/t5/Wireless/Azure-Cloud-PKI-is-now-released-how-do-we-hook-Meraki-AP-to...

 

>Does Meraki support any native certificate-based authentication mechanisms in a serverless configuration?

 

Yes.  It is called Trusted Access.  It uses a Systems Manager licence.  Users can authenticate against Entra ID in the self service portal, deploy a certificate to their device, and then use that to authenticate.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

 

>Are there specific configurations in Intune or Meraki that need attention to streamline this setup?

 

It depends on whether you want to use Cloud PKI or Trusted Access.
