Meraki

2102cool · ‎Sep 5 2024

Hi guys,

I would like to deploy a single SSID with hybrid authentication and use ISE for the RADIUS server.

According to the document below, it seems like Meraki does not support hybrid authetication for SSID

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

Is there any other way I can configure?

KarstenI · ‎Sep 5 2024

No, the SSID has to be configured either for MAB or for 802.1X. What you want is only possible on wired ports.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

GIdenJoe · ‎Sep 7 2024

No vendor can support MAB and dot1x at the same time.
In Wi-Fi you have a layer 2 security type: Open, WPAx-Peronsal, WPAx-Enterprise, Enhanced Open.

You cannot mix these within the same SSID, so WPAx-Personal will always use a pre-shared key and WPAx-Personal will always be an 802.1X authentication method.

However what you CAN do is in the L3 authentication part you can have a login form that uses a radius server in the background for logins or have some device based access policy.

Usually in companies you have a single SSID with 802.1X authentication for use for corporate owned laptops and other devices supporting 802.1X and BYOD. Then you have a second pre-shared key based SSID (can also be identity pre-shared key) for IoT devices that do not support 802.1X and a third Open/Enhanced Open for visitors where you can optionally have a portal page.

In case of venues you can also have a fourth SSID based on some external system like Cisco's OpenRoaming, or in educations EduRoam.

Meraki

Community

Single SSID with 1x/MAB

Single SSID with 1x/MAB