Configuring Clients for 802.1X and Meraki Authentication

Windows 10

The following steps will configure a Windows 10 client to use 802.1X with Meraki Authentication (NOTE:  these are instructions for the 802.1X with Meraki Authentication only.  Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):

1. Click the "Start" menu
2. Navigate to Settings (Gear Icon) > Network & Internet > Wi-Fi > Manage Known Networks
3. Click 'Network and Sharing Center'
4. Select 'Set up a new connection or network'
5. Select 'Manually connect to a wireless network'
6. Enter the SSID name in the 'Network name:' field
7. Select 'WPA2-Enterprise' in the 'Security type:' drop down
8. Select your encryption type from the 'Encryption type' drop down
9. Click 'Next'
10. When 'Successfully added' appears click 'Change connection settings'
11. Select the 'Security' tab
12. Click the 'Advanced settings' button
13. On the '802.1X settings' tab, check the box 'Specify authentication mode' and choose 'User Authentication' from the drop down
14. Click 'OK'
15. Back on the 'Security' tab, make sure 'Choose a network authentication method' is set to 'EAP (PEAP)' and then click the 'Settings' button
16. Click 'OK'
17. For 'Protected EAP Properties' uncheck 'Validate server certificate' or if you choose to validate server certificate make sure 'Go Daddy Class 2 Certification Authority' and/or 'http://valicert.com' is checked in the 'Trusted Root Certification Authorities' list.
18. Click the 'Configure' button
19. Uncheck 'Automatically use my Windows logon name'
20. Click 'OK' to close all the open dialog boxes

Apple macOS

The following steps will configure a macOS client to use 802.1X with Meraki Authentication (NOTE:  these are instructions for the 802.1X with Meraki Authentication only.  Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):

1. Go to System Preferences => Network => AirPort => Advanced => 802.1X
2. Click the "+" button in the lower left corner of the screen to add a new user profile
3. Enter your user name and password given to you by your network administrator into the fields to the right.
4. Select your network from the drop down list of menus
5. Make sure TTLS and PEAP checkboxes are selected
6. Click "OK"
7. You should now be able to connect to the network.

Android

The following steps will configure an Android client to use 802.1X with Meraki Authentication (NOTE: these are instructions for the 802.1X with Meraki Authentication only.  Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):

1. Go to Settings > Wi-Fi
2. Open the options menu by clicking the context menu button:  

3. Select Add Wi-Fi
4. Enter the Network SSID name and choose 802.1X EAP from the Security drop-down menu
5. Choose PEAP from the EAP method drop-down menu
6. Choose MSCHAPV2 from the Phase 2 authentication drop-down menu
7. Enter the domain and username in the Identity field. Use the domain/username format
8. Enter the password for the corresponding username in the password field
9. Optionally, check the Show Password check-box to verify that the password was entered correctly
10. Press Save in order to save the changes

Windows 8

Unlike previous versions of the OS, Windows 8 will not attempt to automatically use local credentials for wireless connections. As such, associating with an 802.1X-protected SSID consists of simply connecting to the network, as outlined below:

1. Navigate to the Desktop.
2. Select the wireless network icon on the lower-right hand of the screen.
3. Select the intended SSID on the right.
4. Check/uncheck the Connect automatically option as intended, and press Connect.
5. Enter the email address and password of the Meraki RADIUS user, in the User name and Password fields respectively.
6. Select Connect.
7. If prompted about a certificate warning, select Connect again.