RADIUS Authentication with WPA2-Enterprise

thanos.theod
Level 1

Hello,

I've set up the NPS and Meraki configuration settings in order to use the authentication method, using the steps in the above URL.

Everything seems OK and the APs are contacting the RADIUS server. I want to test the scenario of a device (Windows/Android) that does not have the self-signed certificate installed, so it cannot access the Wi-Fi, and the scenario where the device has the certificate and has access to the Wi-Fi. Is there something else I have to do apart from the configuration that is explained below?

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise


Scott Fella
Hall of Fame

You need to look at EAP-TLS, not EAP-PEAP. EAP-TLS requires a certificate on the device and RADIUS server and for both devices to trust the server. EAP-PEAP uses a username/password auth that only requires a RADIUS certificate, which the device has to accept or trust. In your post, you need to implement EAP-TLS and that would be rules specified on the RADIUS server.

-Scott
*** Please rate helpful posts ***

Hello,

Thank you for your answer. Can I ask you if there is a configuration sheet that describes all this process (how to configure NPS and devices)?
Also, I would like to ask you if I should try the connection on non-domain or domain Windows devices, and if I can try it on Android devices too. Is there an example of doing this test on the devices and how to make changes for the certificate?

I have found the above configuration about it. Is that correct?

https://www.dar-fi.com/configure-eap-tls-using-ise-and-meraki-ap/

This guide should still be valid, even with NPS 2019:

https://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/

It's for a WLC and not Meraki setup, but the important part here is the NPS and not the WLC.

Search the internet for the following: "cisco wlc and NPS radius", "cisco wlc and NPS PEAP", "cisco wlc and NPS EAP"

This will provide you with guides, blogs and videos that will help you out.  

-Scott
*** Please rate helpful posts ***

Thanks for your support!
I have just configured the above in RADIUS (see the images attached above) for EAP-TLS, following the instructions of the guides.
I tested the connection to the RADIUS server from the Meraki dashboard and I still get an error in testing.
In Event Viewer on the RADIUS server I get "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server." Error code 22. On the Android device I use the configuration for TLS.

Can you help me if you have had an issue like this?

https://networklessons.com/uncategorized/eap-tls-certificates-for-wireless-on-android

I don't have NPS in my lab. What I can say is that when you use EAP-TLS, the device has to have the RADIUS root CA installed in the trusted certificate store. The device would also need to have a valid user/device certificate installed properly. Have you reached out to Meraki support or the Meraki forum?

-Scott
*** Please rate helpful posts ***
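
The two test cases asked about in this thread (a device with a usable certificate, a device without one) can be rehearsed offline with the `openssl` CLI before touching NPS. This is an added example, not part of the thread or of any guide linked in it. It assumes an EAP-TLS server accepts only client certificates that chain to a CA it trusts and are valid for client authentication; the lab CA and the names `radius-ca`, `other-ca`, `enrolled-device`, `unknown-device` and `server-only` are constructed.

```sh
#!/bin/sh
# Added example: a constructed lab PKI. Every name and subject here is made up.
LAB=$(mktemp -d)

# Minimal config so the script does not depend on the system openssl.cnf.
cat > "$LAB/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca NAME: self-signed root (stands in for the CA the RADIUS server trusts).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$LAB/lab.cnf" \
    -subj "/CN=$1" -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

# issue CA NAME EKU: leaf certificate signed by CA with one extended key usage.
issue() {
  printf 'extendedKeyUsage = %s\n' "$3" > "$LAB/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$LAB/lab.cnf" \
    -subj "/CN=$2" -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.pem" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 2 -extfile "$LAB/$2.ext" -out "$LAB/$2.pem" 2>/dev/null
}

# client_cert_ok CA LEAF: true only if LEAF chains to CA and is valid
# for TLS client authentication.
client_cert_ok() {
  openssl verify -CAfile "$LAB/$1.pem" -purpose sslclient "$LAB/$2.pem" \
    >/dev/null 2>&1
}

make_ca radius-ca
make_ca other-ca
issue radius-ca enrolled-device clientAuth   # certificate from the trusted CA
issue other-ca unknown-device clientAuth     # certificate from an untrusted CA
issue radius-ca server-only serverAuth       # trusted CA, wrong key usage

for leaf in enrolled-device unknown-device server-only; do
  if client_cert_ok radius-ca "$leaf"; then echo "$leaf: accepted"
  else echo "$leaf: rejected"; fi
done
```

Only `enrolled-device` is accepted; the other two fail for different reasons (untrusted issuer, missing client-authentication usage), which are the same two properties to check on a real device certificate.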

Hello,

Is there any documentation on using a third-party certificate in EAP-TLS on both the server and the clients (Android, Windows), according to the description in Meraki's configuration sheet?

Is the procedure the same as described above: "device has to have the radius root CA installed in the trusted certificate store. The device would also need to have a valid user/device certificate installed properly."?

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise

 

  • Acquire a certificate from a trusted Certificate Authority
    As long as the CA used is trusted by clients on the network, a certificate can be purchased and uploaded into NPS to accomplish and server identity verification (required by clients). Common examples of trusted CAs include GoDaddy and VeriSign.