Restricting WPA3-Enterprise Network Access to Domain-Joined Computers

giovannip


Hi everyone,

I'm working on setting up a new WPA3-Enterprise network and I'm trying to figure out the best way to restrict access to only domain-joined computers. I'm hoping to leverage the security benefits of WPA3-Enterprise, but I also want to ensure that only authorized devices can connect to the network. 
Has anyone had experience with this? Are there any specific configurations or settings I should be aware of?

I'm using Cisco Meraki as my network equipment.

Any insights or recommendations would be greatly appreciated.

Thanks,

Giovanni

2 Replies
Mloraditch

This is all determined by rules on your RADIUS server, whether Cisco ISE, NPS, or something else. The options are generally login/password based, certificate based, or a combination. I generally use certificates as I work in AD environments and we can do auto-provisioning via GPOs to handle everything on the PCs. But there are a multitude of options out there. The Meraki side settings will mostly be agnostic to the RADIUS server used.

KH
Meraki Employee

Hey @giovannip 
This can be achieved by applying a GPO to domain-joined devices that issues them with a certificate through your internal CA for wireless.

You could then configure the WPA3-Enterprise SSID with RADIUS, and on the RADIUS server have the certificate be used as the authentication method. You should also add username/password to ensure only employees are connecting from the machine in question.
This would help ensure only domain-joined clients can authenticate/connect to the SSID.

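Both replies above rest on the same mechanism: the RADIUS server (NPS, ISE, or similar) only accepts EAP-TLS clients that present a certificate issued by the internal CA, and a GPO auto-enrolls that certificate on domain-joined machines. The enforcement happens in the RADIUS policy, but the failures you will actually chase are on the client side: the PC is not really domain-joined, auto-enrollment never ran, the certificate lacks the Client Authentication EKU, or the internal CA is not trusted so the supplicant cannot validate the RADIUS server. The script below is an added example, not code from the thread or from Meraki, that checks those prerequisites on a Windows PC before you switch the SSID over. The CA name `CORP-Issuing-CA` and the domain `corp.example.com` are assumed placeholders.

```powershell
# Added example (not from the thread or Meraki): verify on a domain-joined Windows PC
# that everything an EAP-TLS "domain computer certificate" RADIUS policy expects is
# in place. Assumed names: issuing CA "CORP-Issuing-CA", AD DNS domain corp.example.com.
param(
    [string]$IssuingCaName = 'CORP-Issuing-CA',   # assumed: CN of the internal issuing CA
    [string]$Domain        = 'corp.example.com'   # assumed: AD DNS domain name
)

$ClientAuthEku = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth; EAP-TLS requires it on the client cert
$problems = @()

# 1. Domain membership. A workgroup PC never receives the GPO, so it can never
#    get the certificate, and the remaining checks would be meaningless.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    $problems += "Not domain-joined (workgroup: $($cs.Workgroup))"
}

# 2. Trust in the internal CA. The supplicant must validate the RADIUS server's
#    certificate against it; otherwise a rogue AP with any RADIUS certificate can
#    talk the client into an EAP exchange. Check both the Root and intermediate stores.
$caTrusted = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -like "CN=$IssuingCaName*" }
if (-not $caTrusted) {
    $problems += "Issuing CA '$IssuingCaName' is not in the machine Root/CA stores"
}

# 3. A machine certificate a RADIUS policy would accept: issued by our CA, has the
#    private key, not expired, Client Authentication EKU, and a SAN DNS name that is
#    this host in our domain (the value NPS/ISE compares against the computer object).
$hostFqdn = "$env:COMPUTERNAME.$Domain"
$machineCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Issuer -like "CN=$IssuingCaName*" -and
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthEku) -and
    ($_.DnsNameList.Unicode -contains $hostFqdn)
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $machineCert) {
    $problems += "No usable machine certificate for $hostFqdn issued by '$IssuingCaName'. " +
                 "Run 'gpupdate /target:computer /force' (elevated) to trigger auto-enrollment now."
} else {
    "Machine certificate OK: $($machineCert.Subject) " +
    "(thumbprint $($machineCert.Thumbprint), expires $($machineCert.NotAfter))"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
"This PC holds what an EAP-TLS domain-computer RADIUS policy expects; it should authenticate once the SSID is switched to WPA3-Enterprise."
```

Run it elevated on a test PC after the auto-enrollment GPO has applied; a non-zero exit with warnings tells you which of the three prerequisites to fix. The mirror-image check belongs on the RADIUS side: the NPS/ISE policy should require EAP-TLS, accept only certificates chaining to the internal CA, and match the certificate to a computer object in the domain, which is what turns "has a certificate" into "is a domain-joined computer".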