Always check the datasheet of the AP itself. Most Cisco AP's will still work by disabling the USB port on 802.3at and sometimes they will disable a few of the radios like running in 2x2 instead of 4x4 or 8x8.   If your switch is only 802.3af then you should really consider upgrading 😉 ... View more

 Requirements All MR access points in the Network must be running MR 27.1+ firmware* An admin account credential for the LDAP server with read-only permissions has to be input as part of dashboard configuration  If an Active Directory-based LDAP server is used, it must support an LDAP bind operation The LDAP server must support STARTTLS CA certificate used to sign the LDAP server's private key must be uploaded to the dashboard. This certificate is used by an MR to verify the authenticity of the LDAP server. The LDAP server’s certificate must have a subjectAltName field that matches the Host address configured on the dashboard (either IP address or FQDN) Wireless clients must trust the certificate presented by the MR which is signed by a well-known Certification Authority QuoVadis for the purposes of validation of the MR for certificate-based authentication. https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X ... View more

I volunteer to be the one to say that: MAC-based authentication on Wi-Fi is not a legitimate security measure.   So as mentioned above, IPSK authentication w/o RADIUS is your best bet (with good passwords/passphrases). ... View more