Just wanted to note that in MX 18.205, the following is now a feature:  Trusted Traffic Exclusions - IP addresses and objects, as well as applications can now be “allow listed” and bypass IDS/IPS inspection   So now at least you get the choice of allow listing an entire snort rule, or an entire host.... Meraki back at it again with their only partially useful new "features". ... View more

Yes we’ve seen that, it’s a non-solution.  The premise is to buy their expensive device management solution on top of AzureAd/Intune (which is itself a device management solution) so that we can then authenticate WiFi.  No thanks. Just implement this basic feature.  ... View more

Yes, you’re missing Meraki/Cisco’s greediness and unwillingness to provide us with features we ask for. Anyone who says there’s technological reasons why it won’t work is lying to themselves. It can be done on other platforms.  ... View more

The way I imagine it would work is RADIUS would still technically be used in order to remain compatible with 802.x, just that Meraki would be the RADIUS server and would primarily serve to translate the SAML authentication response.   In the meantime, I'm thinking of trying to use FreeRADIUS and an LDAPS module with AADDS to accomplish this. It should allow me to perform authentication without running a FreeRADIUS vm in Azure Cloud, or setting up Azure VPN. It'd be great if I could find some documentation of connecting FreeRADIUS with SAML... then I wouldn't even need AADDS or LDAPS. ... View more

SAML2 is a growing, modern authentication method requiring little setup and knowledge and next to no maintenance to keep running. And, it's cloud-focused.   RADIUS is an old, inflexible method that generally relies on either maintaining your own on-prem system or going to an expensive third-party "cloud" solution.   Given Meraki is better suited not towards large enterprises but towards smaller, cloud-focused businesses, it would be in Meraki's best interest and follow their business model to move to support SAML authentication for 802.x. It would not make sense for Microsoft to implement an outdated authentication model in their cloud-focused Azure platform. Meraki/Cisco is also small-beans compared to Microsoft, so if anyone is going to follow suit it'll be Cisco.   I mean, technically it's already possible by standing up an on-prem or cloud NPS server with RADIUS, but the goal of this post is to get Meraki to support modern technologies, so I find your comment out of place. ... View more

Does Meraki have any plans to support this basic feature that other cloud networking gear supports? ... View more