cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About alextsang010778

Re: TLS Support in Meraki AP to connect to LDAP when using Local Auth

by in Wireless LAN
‎09-28-2022 07:13 AM
‎09-28-2022 07:13 AM
I follow this KB for the local auth authentication. ... View more

TLS Support in Meraki AP to connect to LDAP when using Local Auth

by in Wireless LAN
‎09-28-2022 12:22 AM
1 Kudo
‎09-28-2022 12:22 AM
1 Kudo
Hi all   I tried to configure the local auth in the Meraki AP with password authentication, so we configure the LDAP Servers in the local auth to verify the AD username and password. But the authentication test in the LDAP configuration failed, and it said no response from LDAP server.     Then I do packet capture to see what's wrong, and I found that the AP negotiate the LDAP server with SSL only, but those ciphers are disabled in the LDAP and only TLS1.2 is supported. So anyone know it is by design or how to change it to support TLS (I use LDAP browser to connect with the LDAPs and do packet capture, and the result is success and can see TLS1.2 negotiated.         At last, I found that the local auth with password authentication cannot support with WPA2 only. Is it by design too?   Best regards ... View more

Re: Do EAP-TLS with MS CA but without RADIUS

by in Wireless LAN
‎08-13-2022 01:03 AM
‎08-13-2022 01:03 AM
Thanks Karstenl   I checked the document, would like to see my below understanding is correct or not for the local auth.   1. If using password based  - say EAP-TTLS/PAP, LDAP must be exist for the every user first login? Then MR will cache a hash of the credentials, so user can still login is LDAP is unavailable? 2. For the certificate based authentication - EAP-TLS, user can login to the SSID with a valid certificate issued by the issuing CA if the below requirement met. No external Radius and LDAP is required.   2.1 We will import the issuing CA certificate to the MR    2.2 Do not verify certificate with LDAP setting configured in LDAP option   2.3 Client's endpoint trust IdenTrust CA root cert 3. Maximum cache timeout is 24 hours, so is that the LDAP server must be resumed with 24 hours? Otherwise user cache expired and then client cannot login to that SSID? ... View more

Do EAP-TLS with MS CA but without RADIUS

by in Wireless LAN
‎08-12-2022 03:54 AM
‎08-12-2022 03:54 AM
Hi all   Understanding Meraki can use tag configured by System Manager to do something like cert auth without using RADIUS (Detail in the link below).   https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Certificate-based_Wi-Fi_authentication_with_Systems_Manager_and_Meraki_APs   Does Meraki provide a method to do EAP-TLS with the existing MS PKI deployed but not deploying RADIUS and system manager app/enrollment?   Best regards   Alex Tsang   ... View more
Labels:
© 2023 Meraki