Is there a way to configure access to an SSID based not only on a PSK/User Credentials, but also limit access to certified devices? For example, staff can connect to the corporate SSID using their Active Directory credentials, but only on devices that have been whitelisted by IT with a client-side certificate or MAC address list?
If System Manager is a solution, are there alternatives like Windows NPS or FreeRADIUS?
Any walkthrough or how-to guides on how to set it up?
These are easily achievable with a RADIUS server such as the ones you mentioned.
There's a decent guide for configuring Meraki with Microsoft NPS. You can then alter the policies for what works best in your environment.
For using 802.1X based on the certificate, the best option is using 802.1X with EAP-TLS:
You can also use MAB:
We'll save MAB as a last resort. I am not a fan of the way Microsoft handles MAB authentication with NPS. 500+ additional AD accounts to manage would be a management overhead nightmare. Pushing certificates to devices enrolled in our MDM is much more manageable.
Thanks!
We'll give this a try and report back. Thanks!
We're still testing but this appears to be working. Allowing domain-joined machines to join.
How do we go about doing the same on iOS and iPadOS devices? We currently use Intune as our MDM.
Thanks!