Community Record
52
Posts
5
Kudos
0
Solutions
Badges
Sep 25 2023
3:43 PM
Thank you for your suggestion. Have you changed it back to WPA2 due to an issue or still operating on WAP3?
... View more
Sep 23 2023
2:27 PM
New to Meraki. Is there a way to disable 2.4GHz on a few selected APs in a mesh environment?
... View more
Labels:
- Labels:
-
Other
Sep 23 2023
2:26 PM
How can I tell if a supplicant especially a laptop supports 802.11w or not?
... View more
Sep 23 2023
9:30 AM
If not all devices support 802.11w, will that not cause an issue since WPA3 automatically chooses 802.11w to Required (reject unsupported clients)?
... View more
Sep 23 2023
8:45 AM
I noticed when I choose WAP3 on Meraki the 802.11r gets disabled and 802.11w changes to Required (reject unsupported clients). Also, it's not possible to change these options. Are we going to lose the seamless roaming features that .11r provides? I currently have 802.11r as Adaptive & 802.11w as Enabled(Allow unsupported clients)
... View more
Sep 23 2023
8:41 AM
Is this how it works? Every time a client roams to a new AP the whole DHCP process restarts and the new AP will provide a new IP address?
... View more
Sep 23 2023
8:37 AM
Has anyone used WAP3 192-bit Security with the RADIUS server to authenticate corp users using certs(EAP-TLS)? We are currently using EAP-TLS but on Meraki, it's WAP2 only. If so are there any changes that need to be made on the Radius server? All of our corp laptops support WAP3 enterprise.
... View more
Sep 20 2023
4:23 PM
How can I really test it? I tested it on my laptop manually and it worked just fine. Is it best practice to just leave it as is and only mess with it if an issue comes up? Are there reports we can run to see daily 2.4GHz and 5GHz uses?
... View more
Sep 20 2023
2:33 PM
Hello, I noticed that under device manager-->wireless card(intel). We can change the Preferred band to "Prefer 5GHZ band" on a Windows laptop. Is it a good idea to configure this option in an enterprise to all machines or it's just to leave it "no Preference" and let the AP do the band steering? Has anyone implemented this configuration in their organization before?
... View more
Thank you for your response. creating different SSIDs per floor is not an option. What about the reduction of broadcast/multicast domain by putting APs and Clients on different on different subnets per floor? Is this a benefit or not significant enough?
... View more
I have a situation where we have to install APs in a 5-floor bldg. Each floor is separated by an elevator so there is no expectation of seamless roaming when a user moves between floors as they get disconnected when using the elevator. Plus there are other offices on the remaining floors of the building. So when designing should I put all APs (Around 100) in a single Subnet (/24) and all corp-users in a different single wifi-user VLAN (/22)? Or it's better if each floor AP should be on its own L3 subnet and the same for the clients. All VLANs are stretched across all floors. All Floors have the same number of APs and clients. Another question: How can we ensure that a user on Floor 2 doesn't connect to AP on Floor 3 .. etc.... This shouldn't happen but I am guessing it might. Can anyone offer some advice?
... View more
Labels:
- Labels:
-
Installation
-
Other
-
SSID
Sep 13 2023
3:26 PM
Have you looked into this article? https://apicli.com/2021/12/13/meraki-mr-802-1x-with-azure-active-directory/ This solution relies on Microsoft Azure’s SLA (99.99%) due to the caveats above. In addition, the solution requires a secure connection so that the MR can reach Azure AD DS by its private IP addresses. Although Azure AD DS allows LDAPS over the internet, it only allows port 636 and not 389.
... View more
Jun 22 2023
3:50 PM
2 Kudos
Thank you for the suggestion but I am not very familiar with coding or using API. I think it's best for me to use the features provided within the Meraki dashboard.
... View more
Jun 22 2023
1:59 PM
I'm new to Meraki and about to enter production for the first time. I would like to gather feedback from experienced individuals. I'm curious to know if you are utilizing a template in your environment or if you manage everything solely through the "Network" option. Our situation involves a cookie-cutter scenario with a few offices and remote sites that share the same SSID, RF profile, and so on. One drawback I noticed when using the template is the inability to schedule firmware upgrades on a site-by-site basis. Instead, we would have to upgrade the entire template simultaneously or duplicate the template, unbind the network from the "old" template, and gradually transition to the "new" template with newer firmware. I'm trying to determine whether it would be more beneficial for us to use a Template to manage our Meraki Wireless or simply rely on the Network option. We will only be utilizing Meraki APs and no other equipment. I would greatly appreciate any suggestions you can provide.
... View more
I tried uploading the cert into a new ssid but it's giving an error "WPA Encryption is incompatible with association type". WPA is selected as WPA2 only Update: Actually, it turned out to be a new dashboard version issue. Once I changed it back to the old version it worked.
... View more
Mar 14 2023
1:33 PM
Yes, I can go ahead and upload the CA root cert. But my question is do we still need the LDAP server?
... View more
Mar 14 2023
12:23 PM
Where does it say it is mandatory? That's where I am confused. when I go to my SSID in the Meraki dashboard and change auth to local and select Cert auth. LDAP & OSCP looks like they are optional.
... View more
Mar 14 2023
11:07 AM
You are just copying & pasting from the document which I have already read. This is why I am asking here so someone could help clarify in layman's terms. It's not helping at all. If certificate-based authentication is used, the MR will additionally check that the provided username matches either the CN or userPrincipalName in the certificate, since the username would otherwise be unauthenticated. --> is this optional or mandatory?
... View more
Mar 14 2023
8:32 AM
Thanks but we have our own MDM solution so Systems Manager is not an option. I am only interested in local cert-based auth but wanted to confirm if we can do this without using the RADIUS server or LDAP.
... View more
Mar 14 2023
7:48 AM
Thank you. Is RADIUS or LDAP server needed for EAP-TLS(cert based) auth or Meraki can handle this locally without being dependent on the RADIUS or LDAP server?
... View more
Thank you. We are planing to move away from the user/pass model and strictly use EAP-TLS(Certificate) only. That's why I was thinking Meraki can handle this locally without depending on LDAP or RADIUS server. Do you know if that is the case?
... View more
Thank you for the response. But from what I read LDAP is an optional setting. Are you using this option currently? We don't have ISE but were NOT planning to use the MS RADIUS Server either. I was hoping this option allows EAP-TLS auth to take place locally without being dependent on anything else on the backend. Any thoughts?
... View more
Mar 14 2023
6:11 AM
We are looking into this option & use Meraki as an Authentication server for Cert-based auths (EAP-TLS) instead of the RADIUS server without enabling any connection to LDAP or OSCP. When I enable Certificate authentication, it asks to upload "Client Certificate CA". (Step 7. Upload the Client Certificate CA certificate used to sign the client certificate in a form of a PEM or DER file.) What exactly is this cert? is it a root cert from our internal CA? I am not all that familiar with certs so wanted to clarify. https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X
... View more
Labels:
- Labels:
-
SSID
- « Previous
-
- 1
- 2
- Next »
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 3259 | |
| 2 | 1220 |
