02-28-2024 07:01 AM
Hello,
I am looking at improving the way end user devices connect to our internal wifi (laptops, phones, pcs etc).
I want to use a Certificate based system like EAP-TLS, however I am not sure how a brand new device would be able to get its certificate from the CA since it needs a cert to get onto wifi to contact the CA lol.
I am in the process of trying to get management to buy systems manager for us and wondered if this is something else it could do for us.
At first I wondered if it could somehow deploy the certificate before the machine joins the domain/network but then I wondered if all that would even be necessary - does systems manager have its own set of tools for managing network access?
Thanks!
02-28-2024 07:29 AM
Yes, you will need to install an agent on each device.
https://documentation.meraki.com/SM/Systems_Manager_Quick-Start
02-28-2024 08:28 AM
Thanks for the link, that's very helpful!
Does Systems Manager require a fully Meraki hardware environment? We have some sites that are all Meraki but some still use older non-Meraki switches (though I'm sure we are fully Meraki when it comes to Access Points).
02-28-2024 08:37 AM
The limitation will actually be the supported client devices.
https://meraki.cisco.com/product-collateral/systems-manager-datasheet/?file
02-28-2024 08:43 AM
It just seems to talk about how well it integrates with other Meraki networking products.
What if you don't have any Meraki hardware? Can it still be used as a standalone solution?
02-28-2024 08:43 AM
As much as most customers find the big advantages with Meraki coming from using multiple products (in your use case, mainly MR and SM - because you can then use SM Sentry: https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview)
There are plenty of customers out there who only use SM, from the Meraki portfolio; you can still provision wifi profiles and certificates to your managed devices, it's just not nearly as easy to set up and integrated as with Sentry WiFi.
02-28-2024 08:45 AM
Thanks very much!
02-28-2024 11:56 AM
Initial provisioning can be done with a wired connection or a provisioning SSID.
Note you can only use a single MDM on a device.
Microsoft Intune has recently released an interesting option, Cloud PKI. This should work with "Local Auth" certificate authentication on the MRs (disable passwords for this configuration).
https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki
08-20-2025 04:37 PM
Check out this solution
Meraki Access Manager + Cloud PKI
08-21-2025 12:31 AM
Very exciting!
Although that guide, and what I can see in the dashboard, seems to be that it's only for use with a cloud CA, rather than that just being an option?
At the moment I'd like to just get it to handle RADIUS for us and use our on-prem certificate server to handle Windows clients' requests.
I would like to bring in Intune and SCEP later for mobile devices, but they would still be using our on-prem server... but that's a later thing.