Meraki

SLT-Meraki · ‎Sep 29 2022

Hi friend,

I have meraki MR36 wireless network. I want to know that how to enable two factor authentication for wifi client.

Brash · ‎Sep 29 2022

MFA for wifi auth is doable via WPA2 Enterprise and a radius server that supports MFA integration.

That said my experience is that MFA is rarely used for this as it can is it creates a poor user experience. MFA will be required every time a user reauths. For some laptops, this can include being woken up from lock or sleep (when it goes into low power mode). Also anyone who is on the fringe of the wifi range and encounters disconnects may keep getting requests for reauth.

Brash · ‎Sep 29 2022

I should clarify that here I'm talking about 2FA via authenticator apps such as Google Authenticator or Duo.

Multi Factor Authentication can actually be achieved in other ways such as certificates and/or AD device/user security groups (via a radius server)

GIdenJoe · ‎Sep 30 2022

So everytime you have a slow roam or a timeout you want to open up your authenticator app just to stay on the Wi-Fi. Like Brash said, your client experience will be horrible. Just don't do it.

alemabrahao · ‎Sep 30 2022

I think MFA on Wifi is unnecessary, If you have policies well defined and limit access on your network It's enough.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Meraki

Community

Enabling two factor authentication for client in MR36

Enabling two factor authentication for client in MR36