https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498194#M300834 <P>Not sure I agree with your "No" here - unless I've misinterpreted something..?<BR />If a customer is looking to have clients connect to a Meraki MR-based SSID using Enterprise 802.1x, with certificates for EAP-TLS, this is supported - but <EM>it would need an external RADIUS server to accomplish</EM>; the PKI infrastructure would need to issue appropriate certs for both the RADIUS server and all the connecting clients, establishing the necessary bi-directional chain of trust.</P><P>Meraki could also achieve something very similar, natively, through use of the new Trusted Access feature, using Systems Manager licensing: <A href="https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity</A><BR />This is usually used for addressing Bring Your own Device (BYoD) requirements.</P> Thu, 06 Feb 2020 17:37:43 GMT GreenMan 2020-02-06T17:37:43Z https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498191#M300831 <P>Hi, </P><P class="p1"> </P><P class="p1"><SPAN class="s1">Is this doable? Connectivity to APs governed by machine ID certificates  provided Enterprise PKI solution?</SPAN></P> Thu, 06 Feb 2020 00:21:47 GMT https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498191#M300831 Slider 2020-02-06T00:21:47Z https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498192#M300832 <P>Answer would be a No. </P><P>More details on available encryption &amp; Auth modes on Meraki are on this doc.</P><P><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Setting_a_WPA_Encryption_Mode" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Setting_a_WPA_Encryption_Mode</A></P><P>Interested to know what is the use case where you want to use the machine ID certs over the other options ?</P> Thu, 06 Feb 2020 01:51:15 GMT https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498192#M300832 mahensin 2020-02-06T01:51:15Z https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498193#M300833 <P>Thank you!</P> Thu, 06 Feb 2020 17:27:19 GMT https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498193#M300833 Slider 2020-02-06T17:27:19Z https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498194#M300834 <P>Not sure I agree with your "No" here - unless I've misinterpreted something..?<BR />If a customer is looking to have clients connect to a Meraki MR-based SSID using Enterprise 802.1x, with certificates for EAP-TLS, this is supported - but <EM>it would need an external RADIUS server to accomplish</EM>; the PKI infrastructure would need to issue appropriate certs for both the RADIUS server and all the connecting clients, establishing the necessary bi-directional chain of trust.</P><P>Meraki could also achieve something very similar, natively, through use of the new Trusted Access feature, using Systems Manager licensing: <A href="https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity</A><BR />This is usually used for addressing Bring Your own Device (BYoD) requirements.</P> Thu, 06 Feb 2020 17:37:43 GMT https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498194#M300834 GreenMan 2020-02-06T17:37:43Z https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498195#M300835 <P><A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/2346">@GreenMan</A> is correct here.</P><P>This is a walk through guide.</P><P><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise</A> </P> Thu, 06 Feb 2020 19:35:52 GMT https://community.cisco.com/t5/wireless/pki-solution-with-meraki/m-p/5498195#M300835 Philip D'Ath 2020-02-06T19:35:52Z