Meraki support just told me Meraki doesn't support 802.1 enterprise on Chromebooks????

bento23
Comes here often

I'm new to Meraki and I am trying to provision Chromebooks with 802.1 with EAP/TLS. I purchased Meraki after being told it could do that. However, documentation on the subject seems to be nonexistent. Can this be true that I can't connect using EAP/TLS? They recommend RADIUS, but I thought this solution provided a Meraki TLS approach. Any advice appreciated. I want the most secure WiFi connection I can accomplish with a Meraki AP. I don't have much experience with certificates and the like.

Bruce
Kind of a big deal

In most cases you need more than just the Meraki kit to do 802.1x. Meraki supports 802.1x on its wireless access points and its switch ports too. In addition you’ll need a RADIUS server to respond to access requests (unless you use Meraki Authentication which is pretty basic) and if you intend to do EAP-TLS you’ll also need the infrastructure to issue certificates and get certificates onto the Chromebooks.

It’s easier to do straight username and password authentication. You still need the RADIUS server (or use Meraki Authentication), but you don’t need to get certificates onto devices. See here, https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_Clients_for_802.1X_and... for details on how to configure various clients for 802.1x when using Meraki Authentication.

Configuring a RADIUS server depends on the server you use, but this document provides a good overview of the process, although it’s based around Windows clients and Microsoft NPS server, https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

DHAnderson
Head in the Cloud

You can use JumpCloud for RADIUS authentication. While there is not currently a JumpCloud client app for Chromebooks, they can still use RADIUS authentication, and to an extent, Zero Trust.

PM me if you want more information about JumpCloud.

- Dave

Dave Anderson
bento23
Comes here often

Hi Dave, I tried JumpCloud but left it because of no Chromebook support, but are you saying I could still use it for Chromebooks? How would that be configured? With client certificates?

Bruce mentioned I could use Meraki sign-on and I see they also support Google auth in a redirect or SAML.

From what I can gather, the Meraki and Google sign-in are PEAP - TTLS. Do you have any insight as to how these all compare? Also, I hadn't realized how hard it was to do Google on Meraki, and now my iPhones, which used Google advanced MDM, can't implement the Google Device Policy app as I've moved the iPhones to System Manager. So I was looking for a secure method to connect iPhones to Meraki without SM so we can access Google Workspace on iPhone. Would any of these auth methods be secure enough for this?

Thanks

bento 

DHAnderson
Head in the Cloud

@bento23

You could still use RADIUS for the WiFi, without a JumpCloud agent on a Chromebook or phone. You will need the users defined in JumpCloud, and optionally added to a group (say, WiFi users). Then configure a RADIUS setup and assign the group to it. For extra security, you can set up RADIUS with 2FA.

Dave Anderson