Configuring Clients for 802.1X and Meraki Authentication
Windows 10
The following steps will configure a Windows 10 client to use 802.1X with Meraki Authentication (NOTE: these are instructions for the 802.1X with Meraki Authentication only. Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):
- Click the "Start" menu
- Navigate to Settings (Gear Icon) > Network & Internet > Wi-Fi > Manage Known Networks
- Click 'Network and Sharing Center'
- Select 'Set up a new connection or network'
- Select 'Manually connect to a wireless network'
- Enter the SSID name in the 'Network name:' field
- Select 'WPA2-Enterprise' in the 'Security type:' drop down
- Select your encryption type from the 'Encryption type' drop down
- Click 'Next'
- When 'Successfully added' appears click 'Change connection settings'
- Select the 'Security' tab
- Click the 'Advanced settings' button
- On the '802.1X settings' tab, check the box 'Specify authentication mode' and choose 'User Authentication' from the drop down
- Click 'OK'
- Back on the 'Security' tab, make sure 'Choose a network authentication method' is set to 'EAP (PEAP)' and then click the 'Settings' button
- Click 'OK'
- For 'Protected EAP Properties' uncheck 'Validate server certificate' or if you choose to validate server certificate make sure 'Go Daddy Class 2 Certification Authority' and/or 'http://valicert.com' is checked in the 'Trusted Root Certification Authorities' list.
- Click the 'Configure' button
- Uncheck 'Automatically use my Windows logon name'
- Click 'OK' to close all the open dialog boxes
Apple macOS
The following steps will configure a macOS client to use 802.1X with Meraki Authentication (NOTE: these are instructions for the 802.1X with Meraki Authentication only. Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):
- Go to System Preferences => Network => AirPort => Advanced => 802.1X
- Click the "+" button in the lower left corner of the screen to add a new user profile
- Enter your user name and password given to you by your network administrator into the fields to the right.
- Select your network from the drop down list of menus
- Make sure TTLS and PEAP checkboxes are selected
- Click "OK"
- You should now be able to connect to the network.
Android
The following steps will configure an Android client to use 802.1X with Meraki Authentication (NOTE: these are instructions for the 802.1X with Meraki Authentication only. Customer-based RADIUS server configuration requirements are specific to the customer's own RADIUS server and can vary widely):
- Go to Settings > Wi-Fi
- Open the options menu by clicking the context menu button:
Note: This step may vary by device, or on tablets. The Add Wi-Fi option may not be hidden behind a context menu.
- Select Add Wi-Fi
- Enter the Network SSID name and choose 802.1X EAP from the Security drop-down menu
- Choose PEAP from the EAP method drop-down menu
- Choose MSCHAPV2 from the Phase 2 authentication drop-down menu
- Enter the domain and username in the Identity field. Use the domain/username format
- Enter the password for the corresponding username in the password field
- Optionally, check the Show Password check-box to verify that the password was entered correctly
- Press Save in order to save the changes
Windows 8
Unlike previous versions of the OS, Windows 8 will not attempt to automatically use local credentials for wireless connections. As such, associating with an 802.1X-protected SSID consists of simply connecting to the network, as outlined below:
- Navigate to the Desktop.
- Select the wireless network icon on the lower-right hand of the screen.
- Select the intended SSID on the right.
- Check/uncheck the Connect automatically option as intended, and press Connect.
- Enter the email address and password of the Meraki RADIUS user, in the User name and Password fields respectively.
- Select Connect.
- If prompted about a certificate warning, select Connect again.