Meraki Local Authentication - MR 802.1X

Solved
ajtsystems
Comes here often

Meraki Local Authentication - MR 802.1X

I've been reading this article https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

 

Which says that Meraki MR Local Auth can authenticate user certificates but I need to know if it can authenticate Machine certificates in the same way?

 

I'm trying to remove the requirement for a RADIUS server, which this looks like it does by running RADIUS locally on the MR.

 

Thanks

1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

As far as I know, user-level authentication is only possible with local authentication.

 

Basically what the AP does is store user information in cache and thus it can maintain authentication in case of communication failure with the LDAP server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
KarstenI
Kind of a big deal
Kind of a big deal

I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

For local certificate authenticate, you upload a root CA certificate.  The MR will alow anything to authenticate that uses a certificate from that root CA certificate.

 

It doesn't matter if it is a user or a machine.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels