Meraki

Community

About brconflict

Re: EAP-TTLS or PAP for Wired Port Security

by Kind of a big deal in Switching
‎Sep 14 2022 11:56 AM
‎Sep 14 2022 11:56 AM
Maybe 300 users using per-user certificates. ... View more

Re: Hardware Authentication / WiFi without Systems Manager MDM

by in Wireless
‎Feb 27 2021 6:35 PM
‎Feb 27 2021 6:35 PM
Thanks for the input. See, the problem with Cisco ISE is, it provides a host and wealth of other features we simply don't need. We're not going to Cisco ISE because it does "too much" and requires too much effort to set up to solve one simple problem. It would be cheaper and far simpler to use Meraki MDM with Sentry rules, but, the MDM won't co-exist with our approved MDM, unfortunately. Plus, the Meraki MDM price doesn't compete with our chosen options. ... View more

Re: Urgently need Meraki Support engineer

by Kind of a big deal in Wireless
‎Feb 10 2021 11:24 AM
‎Feb 10 2021 11:24 AM
@LYYIHEANG  have you tried opening a high priority case via the dashboard?     ... View more

Re: Google Authentication + Vlan Assignments

by in Wireless
‎Sep 5 2019 10:31 AM
‎Sep 5 2019 10:31 AM
I would regard Google Authentication as a temp fix for Single VLAN locations where a user-base directory for RADIUS Authentication is not available. There's some serious drawbacks to using Google Authentication:   1 - Must generate a GSuite App-Specific password per user. 2 - Must install or activate a mobile-config profile on Mac OS (per network) or Windows machines (per user). 3 - You cannot re-use the same SSID in multiple locations if one is Google Auth, but the other location uses RADIUS. 4 - I have had reports of users unable to connect to other open networks, such as hotel-net WiFi networks. Deleting the Google authentication mobile.config profile for Mac OS users seems to allow that. 5 - No dynamic VLAN assignments possible via Google alone, and you cant even set up separate SSID's for different VLANs and expect some users to work on one SSID vs another.   You might find some functionality via Sentry rules in Meraki System Manager (MDM), which could potentially specify which SSID's a tagged user's hardware can connect to, but this would be cumbersome to manage, and not really a best-practice. ... View more

Re: Access Policy with 802.1x profile on MacOS issue

by in Switching
‎Sep 18 2017 7:40 AM
‎Sep 18 2017 7:40 AM
Actually, we need both. I need to authenticate the user and machine, but the user is more important. So much effort was put into trying to sell us a Meraki solution, to the point that the features we wanted seemed trivial, and Meraki can handle pretty much anything we needed, in some way. But the results are that RADIUS or AD are the only two options--no LDAP, which I need most. But alas, we are doing other work to make the more old-school RADIUS work for us. ... View more

Re: VPN Group Policy

by Kind of a big deal in Security & SD-WAN
‎Aug 30 2017 4:25 PM
1 Kudo
‎Aug 30 2017 4:25 PM
1 Kudo
When it says "AD" it is really LDAPs.  I don't see why you couldn't point it at any LDAPs server. ... View more
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.