Meraki

ajtsystems · ‎Sep 16 2023

I've been reading this article https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

Which says that Meraki MR Local Auth can authenticate user certificates but I need to know if it can authenticate Machine certificates in the same way?

I'm trying to remove the requirement for a RADIUS server, which this looks like it does by running RADIUS locally on the MR.

Thanks

KarstenI · ‎Sep 16 2023

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

View solution in original post

alemabrahao · ‎Sep 16 2023

As far as I know, user-level authentication is only possible with local authentication.

Basically what the AP does is store user information in cache and thus it can maintain authentication in case of communication failure with the LDAP server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

KarstenI · ‎Sep 16 2023

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

PhilipDAth · ‎Sep 18 2023

For local certificate authenticate, you upload a root CA certificate. The MR will alow anything to authenticate that uses a certificate from that root CA certificate.

It doesn't matter if it is a user or a machine.

Meraki

Community

Meraki Local Authentication - MR 802.1X

Meraki Local Authentication - MR 802.1X