Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
4
Helpful
2
Replies

Wireless authentication assistance

texasjet79
Level 1
Level 1

‎02-28-2024 06:25 AM

They want to change some authentication for Wireless users

  1. We want to change the way users authenticate to the Internal Private. It doesn't make sense to keep our internal network as an SSID with a password that most people know. How are others authenticating internal users on devices that are on SSO in a easy secure manner?
  2. We want to change - Guest into a more secure and segregated VLAN and introducing a new way for guests to authenticate as well instead of having an open password to everyone and no idle time or anything. How are others doing this. What would recommendations be
  3. What are ways where we can introduce a BYOD network to users that want to bring their cell phones/tablets to work, where the VLAN is similar to the guest one but with a similar authentication to the - Internal Private? obviously we could take them to a integrated splash page.
Labels:
0 Helpful
2 Replies 2

aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎02-28-2024 06:48 AM

Hi,

Considering what you said, there are some possibilities.

For internal users, you can consider using 802.1X/EAP authentication methods1. This method is more secure and has replaced some outdated methods that have security weaknesses. You can also consider using multi-factor authentication methods to strengthen security while continuing to prioritize usability.

For guest network, you can create a separate VLAN for your guests. This prevents unauthorized access and associated security issues by isolating guest devices from the internal network.

For a BYOD network, you can consider using the same 802.1X/EAP authentication methods as your internal network. Additionally, you can use Single Sign-On tools that let employees use a single password to access a portal of company and cloud applications.

Of course, this is just a general recommendation, there are other options like Meraki's MDM.

https://meraki.cisco.com/products/systems-manager/

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star

‎02-28-2024 12:00 PM

"Trusted Access" might be perfect for your BYOD use case.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity

You could also consider using Meraki Systems Manager for company assets (you can't be using another MDM already for this option).

https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview

If you are happy to run an internal RADIUS server and Windows CA server you can also use WPA2 Enterprise mode. This covers a lot of that:
https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card