https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496817#M300446 <P>I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.</P> Sat, 16 Sep 2023 14:24:49 GMT Karsten Iwen 2023-09-16T14:24:49Z https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496815#M300444 <P>I've been reading this article <A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X</A></P><P>Which says that Meraki MR Local Auth can authenticate user certificates but I need to know if it can authenticate Machine certificates in the same way?</P><P>I'm trying to remove the requirement for a RADIUS server, which this looks like it does by running RADIUS locally on the MR.</P><P>Thanks</P> Sat, 16 Sep 2023 12:03:15 GMT https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496815#M300444 ajtsystems 2023-09-16T12:03:15Z https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496816#M300445 <P>As far as I know, user-level authentication is only possible with local authentication.</P><P>Basically what the AP does is store user information in cache and thus it can maintain authentication in case of communication failure with the LDAP server.</P> Sat, 16 Sep 2023 12:48:03 GMT https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496816#M300445 aleabrahao 2023-09-16T12:48:03Z https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496817#M300446 <P>I would expect it to work. Basically both User- and Machine certificates are the same. They are just used and stored differently. And the CN/SAN holds a valid username in one case and a domain-machine in the other.</P> Sat, 16 Sep 2023 14:24:49 GMT https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496817#M300446 Karsten Iwen 2023-09-16T14:24:49Z https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496818#M300447 <P>For local certificate authenticate, you upload a root CA certificate. The MR will alow anything to authenticate that uses a certificate from that root CA certificate.</P><P>It doesn't matter if it is a user or a machine.</P> Mon, 18 Sep 2023 07:27:52 GMT https://community.cisco.com/t5/wireless/meraki-local-authentication-mr-802-1x/m-p/5496818#M300447 Philip D'Ath 2023-09-18T07:27:52Z