Meraki

Community

Good replacement for NPS Radius for WIFI?

Marc_Abaya
Getting noticed
‎May 30 2023 4:40 PM
‎May 30 2023 4:40 PM

Good replacement for NPS Radius for WIFI?

We're going to retire our Windows NPS after 10+ years in service. It's very reliable, but we're missing some key features like MFA.  We're a mix of Azure AD and Google Workspace. 

 

What are the common solutions out there that's popular and mostly used? We're currently looking at JumpCloud and SecureW2.

Labels:
0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 30 2023 5:00 PM
‎May 30 2023 5:00 PM

In my opinion Cisco ISE is the best solution.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal
Kind of a big deal
‎May 30 2023 9:05 PM
‎May 30 2023 9:05 PM

NPS does technically have an MFA integration, but it certainly has its limitations.

Use Azure AD Multi-Factor Authentication with NPS - Microsoft Entra | Microsoft Learn

 

I typically see people use Cisco ISE and Aruba Clearpass.

I have also heard of people using Jumpcloud which looks intriguing, but I've never tried it.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2023 1:37 PM
‎May 31 2023 1:37 PM

People don't tend to use MFA for WiFi because roaming events could result in a lot of push notifications.

 

For VPN, people tend to use SAML now (which requires Cisco AnyConnect) rather than RADIUS, and authenticate directly against things like AzureAD and Duo.

 

Are you using NPS for anything else?

0 Kudos
In response to PhilipDAth
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 31 2023 1:39 PM
‎May 31 2023 1:39 PM

I use the ISE integrated with Okta and I never had problems, it works very well.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2023 1:41 PM
‎May 31 2023 1:41 PM

Good to know. Maybe I should be more brave.

0 Kudos
In response to PhilipDAth
Marc_Abaya
Getting noticed
‎May 31 2023 1:43 PM
‎May 31 2023 1:43 PM

It's just for WIFI. We're looking for RADIUS options right now and curious what most people in the industry are using.

 

We're good with our VPN since we're SAML using OKTA.

0 Kudos
In response to Marc_Abaya
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2023 1:53 PM
‎May 31 2023 1:53 PM

@alemabrahao is right - Cisco ISE is "da bomb".

 

I see 99.999% of companies using Microsoft NPS still.  Hard to beat the price.

 

ps. There are zero changes to NPS in newer versions of Windows.  To migrate, you just export the config on the old server and then import it on the new server.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.