Hi Karstenl,

Did you mean that using Radius MAC-based authentication for mobile devices?

Many Thanks.

No, EAP-TLS uses certificates. MAC based authentication should not be used for corporate access as MAC addresses can easily be spoofed.

Also think about using Sentry with the Meraki MDM. By enrolling the device in MDM it can automatically get a certificate to connect to a secure SSID.

Yeah true but MDM has required additional license from the Meraki support.

Yes, it's a paid license. But IMO worth it at least for company owned mobile devices.

Thanks but we can achieve this without MDM too right? I think using Radius EAP-TLS we can get this done.

Yes, you just have to compare the cost of the license with the effort you have to make in building and operating your own CA. If the CA is only for WLAN, I assume that Meraki SM could be less pricy.

If you are a friend of RedHat/CentOS/Fedora-Linux, then dogtag-CA could be a solution. For Windows Server there is a build in CA.

OK Thanks for that.

Agree with @PhilipDAth this can be done. I setup a test bench server & client doing this very thing a few weeks again. 

Of course PEAP can be used...and will work for a specific amount of time. But please note that @KarstenI made a very valid point: "Just imagine you change your password on your PC and the phone (with the saved old password) tries to reconnect several times". It's definitely error prone, as seen with more than one client of ours.