Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3379
Views
3
Helpful
3
Replies

MR EAP Support

Go to solution
flyingframes
Level 3
Level 3

‎04-25-2022 05:45 PM

Can Meraki APs themselves be authenticated with a RADIUS server using any EAP method e.g. EAP-TLS or PEAP?

Or this question does not exist with Meraki since each AP is automagically authenticated due to being in the correct org in Meraki dashboard?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Brash
Meraki Community All-Star
Meraki Community All-Star

‎04-25-2022 06:35 PM

Clients connecting to the AP can be authenticated by RADIUS, but the AP's themselves are authenticated to the organisation and configured when connecting to the Meraki cloud.

That said, if you're looking to authenticate Meraki devices on the network, you can look at enabling Secure Connect.

SecureConnect - Cisco Meraki

View solution in original post

3 Replies 3

Go to solution
Brash
Meraki Community All-Star
Meraki Community All-Star

‎04-25-2022 06:35 PM

Clients connecting to the AP can be authenticated by RADIUS, but the AP's themselves are authenticated to the organisation and configured when connecting to the Meraki cloud.

That said, if you're looking to authenticate Meraki devices on the network, you can look at enabling Secure Connect.

SecureConnect - Cisco Meraki

Go to solution
MarcP829
Level 9
Level 9

‎04-25-2022 11:05 PM

@flyingframes wrote:

Can Meraki APs themselves be authenticated with a RADIUS server using any EAP method e.g. EAP-TLS or PEAP?

Or this question does not exist with Meraki since each AP is automagically authenticated due to being in the correct org in Meraki dashboard?

"Automagically" - Great 😄 😄 😄

0 Helpful

Go to solution
tcording
Level 3
Level 3

‎04-27-2022 10:05 PM

As much as I've known that Meraki does not support Dot1X to do AP authentication, that is really annoying from a secure edge scenario, especially when using Cisco switching (and furthermore when Cisco AP support Dot1x)

Why does Meraki not support this...

Saying this, we have also had issues with Cisco AP's doing Dot1x auth to switchports that fail when the port is configured as a trunk

The one thing you can look at if you have ISE is to use MAB and profiling to identify it as a Meraki AP, however there is a catch, from the little I've been looking into this so far there is no unique identifier (i.e. certificate detail) you can get from the AP to truly trust it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card