Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki Wireless Access and MFA

TimMcManus
New here
‎Dec 10 2021 5:16 PM
‎Dec 10 2021 5:16 PM

Meraki Wireless Access and MFA

Hello,

 

I think I may have been mislead by a sales rep from our Cisco reseller. I was lead to believe that we would be able to configure our wireless network with Meraki to work with Duo for MFA. We were hoping for a Duo push to be issued when an HQ user connects to our Users SSID. I just got the email that our devices had shipped, which gave me access to the Meraki Dashboard, and after looking around for a while, and then googling, I don't see any detailed documentation on how to do something like this. Has anyone had any luck implementing anything like this? Thanks in advance for any helP!

Labels:
0 Kudos
Subscribe
4 Replies 4
Ryan_Miles
Meraki Employee
Meraki Employee
‎Dec 10 2021 6:13 PM
‎Dec 10 2021 6:13 PM

It can be done. It requires RADIUS. AP talks to RADIUS server and that talks to Duo server. Not sure how good the user experience is however. I've never actually seen anyone run it in production.

 

@PhilipDAth also mentions the main concerns in this past thread.

0 Kudos
Subscribe
In response to Ryan_Miles
TimMcManus
New here
‎Dec 10 2021 7:05 PM
‎Dec 10 2021 7:05 PM

Thanks for the input. Is there any other more commonly used approaches to MFA a wireless network? We really wanted to keep the apps needed to a minimum, which is why we wanted to use Duo, but we may have to settle for another MFA method.

0 Kudos
Subscribe
Rekun
Here to help
‎Dec 10 2021 10:49 PM
‎Dec 10 2021 10:49 PM

Hi

ypu could just use Duo as a radius provider.

I have never seen anyone using Mfa for wireless though

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 13 2021 12:50 PM
‎Dec 13 2021 12:50 PM

It can work using push notifications - but don't do it.

 

Every time a user roams from one AP to another, they'll get a prompt.  Every time they walk in and out of coverage, they'll get a prompt.  If their NIC powers down to save power and then comes back online, they'll get a prompt.

 

Users will get lots and lots of push notifications.

 

 

If you need tight security, use certificates instead.  If you have active directory, you can use the built-in CA server (to issue certificates) and NPS (as the RADIUS server).

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_... 

It's a step learning curve if you have not done it before.  I'd get someone to come in and set it up for you.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.