Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About imuccini
imuccini
Here to help
Member since Aug 8, 2018
Friday
Community Record
9
Posts
1
Kudos
0
Solutions
Badges
2 weeks ago
I am not an expert but I think the certificates are actually generated by Meraki after the user successfully authenticated via SAMl on the portal. My doubt is whether the authentication is performed on Azure via SAML at every network authentication attempt, or if it terminates on the SM and it is valid until expire date. What would happen if you "remove" a user from Azure AD?
... View more
The official Meraki documentation for IPSK without RADIUS mentions: "There is a limit of configuring up to 50 PSKs per SSID in Dashboard" Does the same limit applies also when generating IPSK passphrases via APIs? REF: https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS#:~:text=IPSK%20without%20RADIUS%20allows%20a,authenticate%20to%20the%20WiFi%20network.
... View more
May 5 2022
7:47 AM
This is great. We are also seeing the adoption of Passpoitn in offices becoming a trend! One common scenario is the following: We set up an internal portal for employees, where they can signup for WiFi access They receive a confirmation email with a personalized link to download a Passpoitn profile on their devices In the email, they are also informed that for devices that do not support Passpoint, they can still click on the SSID, that prompts the WAP2-E dialog, and enter their username/password. In other cases, a direct integration with the company directory, automatically provisions WiFi for all the employees and sends them the activation email with Passpoint link and WPA2-E credentials. Some ideas can be found here: https://cloud4wi.zendesk.com/hc/en-us/articles/360034801851-Passpoint-introduction
... View more
May 5 2022
7:41 AM
1 Kudo
We are experiencing a great adoption of Passpoint in the past few months, on top of the Meraki network. There are many use cases and most of them work in parallel to standard Splash Pages for guests. Here are some examples: when customers buy tickets/make reservations online, they receive a Paspsoint download profile link to pre-activate WiFi before they arrive new employees/associates get invited to activate WiFi by obtaining both a Passpoint profile download and WPA2-E credentials as a backup for devices that do not support Passpoint When customers signup to loyalty programs from any touchpoint, they receive a text message to activate WiFi When patients sign up on their medical group website/apps, they get invited to pre-activate WiFi so they are online when they visit clinics/doctor offices One of the use cases with the most traction is related to the empowerment of the mobile app with automatic and secure Passpoitn connectivity. This, not only provide seamless connectivity to the app users while in-store, but unlock location services to app users regardless of their OS location permissions. You can get some inspiration from our tech docs: Passpoint solution: https://cloud4wi.zendesk.com/hc/en-us/articles/360034801851 WiFi SDK: https://cloud4wi.zendesk.com/hc/en-us/articles/4423699578765
... View more
May 5 2022
7:37 AM
We are experiencing a great adoption of Passpoint in the past few months, on top of the Meraki network. There are many use cases and most of them work in parallel to standard Splash Pages for guests. Here are some examples: when customers buy tickets/make reservations online, they receive a Paspsoint download profile link to pre-activate WiFi before they arrive new employees/associates get invited to activate WiFi by obtaining both a Passpoint profile download and WPA2-E credentials as a backup for devices that do not support Passpoint When customers signup to loyalty programs from any touchpoint, they receive a text message to activate WiFi When patients sign up on their medical group website/apps, they get invited to pre-activate WiFi so they are online when they visit clinics/doctor offices One of the use cases with the most traction is related to the empowerment of the mobile app with automatic and secure Passpoitn connectivity. This, not only provide seamless connectivity to the app users while in-store, but unlock location services to app users regardless of their OS location permissions. You can get some inspiration from our tech docs: Passpoint solution: https://cloud4wi.zendesk.com/hc/en-us/articles/360034801851 WiFi SDK: https://cloud4wi.zendesk.com/hc/en-us/articles/4423699578765
... View more
Apple iOS 14 is planning to use a private WiFi MAC Address and change it periodically, even if the device connects to the same BSSID (https://support.apple.com/en-us/HT211227). How does this impact Meraki IPSK? If the MAC address changes over time, this technique won't work. https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication Is the Meraki team working on alternative solutions or workarounds?
... View more
Apr 24 2019
1:51 PM
I am not a lawyer as well, but I understood that "consent" and "legitimate interest" are two different lawful grounds to collect and process personal data. Just associating to an SSID is not a freely given, informed and explicit consent to give "someone" (who?) the right to see and process the MAC address (personal data). So I believe it can't be considered consent. The only way, I guess, is to leverage the legitimate interest ground. And to rely on that the GDPR requires anyway to inform the customer before, with a notice that explains at least on the first level what data is collected and who is the controller, on top of providing mechanisms to object (a prior and a posteriori) to the collection and to adopt adequate security measure for the processing itself (for example pseudonymization). And this seems to be the tricky part, in fact, I don't know any vendor doing that. Technically it would be possible eventually, just avoiding to track the logs unless you get consent for it. Moreover, in the end, tracking the MAC address and location (AP) by means of association logs is equivalent to tracking the MAC with the Location APIs from the end user perspective. Looking forward to collecting opinions on this topic.
... View more
Apr 24 2019
12:10 PM
I am trying to advise a customer about the measures he needs to put in place to ensure the GDPR compliance of his initiative using Meraki. When an end user associates his device to an SSID, Meraki dashboard tracks the device MAC address and the logs of the activities of that device (for example associations / disassociations). This happens immediately as soon as the device associates the first time, independently if there is eventually a captive portal after, or it is a simple WPA2 or open network. The MAC address is considered personal data in the GDPR, and, since it is not anonymized immediately after the collection, it is subject to the GDPR rules. Moreover, the logs are associated with an APs which physical location is known, so the logs track also the location of the device, plus other info (model, manufacturer, etc..) The only lawful ground that can be used for the collection and processing of such personal data is legitimate interest. However, to rely on this principle, the data controller must anyway provide prior notice to individuals before the data is collected. But, even in case of setting up a Splash Page with the privacy notice, that personal data is collected before and independently from the acceptance (or not acceptance) of the terms on the splash page. What is the best practice recommended for a data controller to be able to deploy a WiFi network in compliance with GDPR? How can a data controller prove the legitimate interest in collecting and processing such personal data in clear and for such a long time?
... View more
© 2024 Cisco Systems, Inc.
