KRACK or PMKID vulnerabilities impact and Fast Roaming 802.11r

Solved

nscheffer
Hi,

I got the following config:

- several MR52s using WPA2-PSK for most of the SSIDs

- on some SSIDs, Adaptive 802.11r is enabled because of a large majority of iOS and macOS devices with Fast Lane enabled

- 802.11w enabled

 

Due to the KRACK or PMKID vulnerabilities it's recommended to disable 802.11r when using WPA2-PSK but we are loosing all benefit when using Apple devices with Cisco products, what is the alternative to keep 802.11r ?

Thanks in advance.

Regards.

Nicolas Scheffer

4 Replies

PhilipDAth (Accepted Solution)

If you increase your PSK length to 11 digits or more you practically don't have a problem anymore.

A better solution is to use WPA2-Enterprise mode, because you can use this with 802.11r without issue. You can use this either with RADIUS (if you have Active Directory, for example) or, if you have a smaller number of users, you can use Meraki Authentication.

You could also use Meraki Systems Manager with Systems Manager authentication, which uses certificate-based authentication.
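To put the PSK-length advice above in numbers, here is an added Python example (not from this thread, and not Meraki or Cisco code) that derives the PMK exactly the way WPA2-Personal does and estimates the offline search cost of a few constructed passphrases. The PBKDF2 parameters are the ones fixed by IEEE 802.11; the guess rate and the sample passphrases are assumptions for illustration only.

```python
import hashlib
import math
import string

# WPA2-Personal derives the 256-bit PMK from passphrase + SSID with
# PBKDF2-HMAC-SHA1 over 4096 iterations (IEEE 802.11, Annex J). Anyone who has
# captured handshake or PMKID material can test candidate passphrases offline,
# and every candidate costs exactly one such derivation. The defender's lever is
# therefore the size of the passphrase space, not the derivation itself.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32

# Assumed offline guess rate, guesses per second. This is a placeholder for the
# illustration, not a measurement of any particular hardware.
ASSUMED_GUESS_RATE = 1_000_000


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the PMK as an 802.11 supplicant or access point computes it."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LENGTH,
    )


def charset_size(passphrase: str) -> int:
    """Size of the alphabet an exhaustive search must cover for this passphrase.

    Additive over the character classes actually present (digits, lower, upper,
    printable symbols including space), which is the usual mask-search model.
    """
    classes = [
        (string.digits, 10),
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.punctuation + " ", 33),
    ]
    return sum(weight for alphabet, weight in classes
               if any(ch in alphabet for ch in passphrase))


def keyspace(passphrase: str) -> int:
    """Number of candidates of the same length and character classes."""
    return charset_size(passphrase) ** len(passphrase)


def entropy_bits(passphrase: str) -> float:
    """Keyspace expressed in bits, for easy comparison across passphrases."""
    return len(passphrase) * math.log2(charset_size(passphrase))


def expected_search_seconds(passphrase: str, guesses_per_second: float) -> float:
    """Average time to hit the passphrase by exhaustive search at a given rate.

    On average half of the keyspace is enumerated before the hit.
    """
    return keyspace(passphrase) / 2 / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passphrases (not real credentials).
    samples = [
        "12345678",                    # 8 digits, the WPA2 minimum length
        "20240115987",                 # 11 digits, as suggested in the answer
        "correct-horse-battery-2024",  # mixed lower/digits/symbol, 26 chars
    ]
    # Known-answer check from the 802.11 test vectors: "password" / "IEEE".
    assert derive_pmk("password", "IEEE").hex().startswith("f42c6fc5")

    print(f"{'passphrase':<28}{'charset':>8}{'bits':>8}{'avg search':>16}")
    for pw in samples:
        secs = expected_search_seconds(pw, ASSUMED_GUESS_RATE)
        days = secs / 86400
        print(f"{pw:<28}{charset_size(pw):>8}{entropy_bits(pw):>8.1f}"
              f"{days:>14.2e} d")
```

The table makes the trade-off visible: each extra digit multiplies the search by ten, and widening the character set does more per character than adding digits. Run it with your own guess-rate assumption to see what "practically no problem" means for your threat model; the PBKDF2 known-answer check guards against accidentally changing the derivation parameters.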

nscheffer

Hi Philip,

Thanks for the quick answer.

WPA2-Enterprise mode could be a solution for managed devices I got using Meraki Systems Manager.

When you say to use Meraki Systems Manager for authentication (using certificates created during enrolment, which is nice, I really like it!), how do you do it?

- Association requirements: WPA2-Enterprise with Meraki Authentication

- but where do you specify that you want to use certificate authentication instead of login/password?

Nicolas

PhilipDAth

nscheffer

Excellent!
