I would regard Google Authentication as a temp fix for Single VLAN locations where a user-base directory for RADIUS Authentication is not available. There's some serious drawbacks to using Google Authentication: 1 - Must generate a GSuite App-Specific password per user. 2 - Must install or activate a mobile-config profile on Mac OS (per network) or Windows machines (per user). 3 - You cannot re-use the same SSID in multiple locations if one is Google Auth, but the other location uses RADIUS. 4 - I have had reports of users unable to connect to other open networks, such as hotel-net WiFi networks. Deleting the Google authentication mobile.config profile for Mac OS users seems to allow that. 5 - No dynamic VLAN assignments possible via Google alone, and you cant even set up separate SSID's for different VLANs and expect some users to work on one SSID vs another. You might find some functionality via Sentry rules in Meraki System Manager (MDM), which could potentially specify which SSID's a tagged user's hardware can connect to, but this would be cumbersome to manage, and not really a best-practice.
... View more
Actually, we need both. I need to authenticate the user and machine, but the user is more important. So much effort was put into trying to sell us a Meraki solution, to the point that the features we wanted seemed trivial, and Meraki can handle pretty much anything we needed, in some way. But the results are that RADIUS or AD are the only two options--no LDAP, which I need most. But alas, we are doing other work to make the more old-school RADIUS work for us.
... View more