LAN Wireless with Meraki Radius Login

Solved
CarOneAdmin
Here to help

LAN Wireless with Meraki Radius Login

Dear,

 

it`s possible make an SSID based on MAC adress access control with meraki radius log in?.

i try to make this by the meraki administration and i´m not allowed. 

 

Regards!

1 Accepted Solution
Uberseehandel
Kind of a big deal

I suggest you investigate using System Manager to facilitate implementing access security without relying on MAC addresses. This will avoid the use of shared passwords

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

View solution in original post

13 Replies 13
ww
Kind of a big deal
Kind of a big deal

no

CarOneAdmin
Here to help

Ok,

 

and if I want to generate a ssid with mac adress and some additional security what options do I have left?

 

Thanks!

Uberseehandel
Kind of a big deal


@CarOneAdmin wrote:

Dear,

 

it`s possible make an SSID based on MAC adress access control with meraki radius log in?.

i try to make this by the meraki administration and i´m not allowed. 

 

Regards!


For the purpose you describe, MAC addresses are about as reliable as chocolate teapots. Better to use a certificate based system. Junior school kids know how to spoof MAC addresses.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
TMRoberts
Getting noticed

Agreed. Switch to certificate based for access that way if they do not have the certificate installed they will not connect. MAC spoofing is easy so all they need to do is find and existing client, spoof that address and still connect.


T Roberts
A+, Network+, MCP, Dell and CMNO
CarOneAdmin
Here to help

Tmroberts,

 

Thanks! i want to avoid the future troubles on this future SSID (Enterprise LAN WIFI), thats is the reason of my cuestion.

is possible duplicate the security on a SSID with meraki radius?  i want to avoid the user & password sharing!

 

Regards!

Uberseehandel
Kind of a big deal

Have a look at this for starters - 

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Certificate-based_WiFi_authenticat...

 

Check if it meets your needs. There are plenty of people on this forum who have in depth experience of this. To date my use of certs is a little different but I am contemplating switching to this general method.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
CarOneAdmin
Here to help

Uberseehandel,

 

Thanks for the comment, This configuration its very useful to me and for this proyect.

I have set meraki with this configuration and I feel a little closer than what I need.

but i need to make this more closed & restrict not allowed devices.

 

 

MERAKI RESTRICTIONS.PNG

 I need something more to only accept devices of my trust. For that i have been thinking on the security based on mac adress, but how i have listen on this forum its easy the mac adress spoofing now i am some lost but more close to my objective thanks to you and this forum.

 

Regards!

 

Uberseehandel
Kind of a big deal

I suggest you investigate using System Manager to facilitate implementing access security without relying on MAC addresses. This will avoid the use of shared passwords

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
CarOneAdmin
Here to help

Uberseehandel,

 

thanks for the help & support! 

 

Regards.

CarOneAdmin
Here to help

Thank you Uberseehandel,

How you see i am a rookie on this.
so if the best option is meraki radius?
its impossible suffer an external attack with this only type of security?

Regards!
MRCUR
Kind of a big deal

Why don't you use Meraki hosted auth? This will allow you to implement 802.1x auth on the SSID without needing to use MAC based auth and not need an external RADIUS server. See here for how this is set up in Dashboard: https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Cloud_Hosted_Authentication

MRCUR | CMNO #12
CarOneAdmin
Here to help

MRCUR,

 

Yes. i am using meraki hosted auth. But my question it`s how i can avoid the user & password sharing.

i want only 10 machines with windows 10 connected to this SSID without the capacity of connect from another device.

Maybe exist a way of set the meraki configuration to the user can log one time at one device and with this

try to not suffer an external attack (this is my afraid)

 

Regards.

Uberseehandel
Kind of a big deal


@CarOneAdminwrote:

MRCUR,

 

Yes. i am using meraki hosted auth. But my question it`s how i can avoid the user & password sharing.

i want only 10 machines with windows 10 connected to this SSID without the capacity of connect from another device.

 

.......

Only 10 devices, have you considered JumpCloud - Directory as a Service ?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels