Configuring Clients for 802.1X and Meraki Authentication
Connecting to an SSID using Meraki Authentication
The following steps provide instructions on how to configure a specific OS to use 802.1X with Meraki Authentication. These steps may not be the same when configuring 802.1X authentication for every RADIUS server configuration as these can vary widely.
Windows 11
-
Click the Start menu
-
Search for Control Panel
-
navigate to Network and internet > view networks status and tasks > set up a new connection or network
-
Chose manually connect to a wireless network
-
Type the SSID name in the Network name field
-
Under Security type, select WPA2-Enterprise
-
Encryption type will be AES.
-
Click Next
-
When Successfully added,click Change connection settings
-
Select the Security tab
-
Click Advanced setting button
-
Under the 802.1X settings tab, check the box Specify authentication mode and select User Authentication from the drop down
-
Click OK
-
Go back to the Security tab, confirm Choose a network authentication method is set to Microsoft: EAP(PEAP)
-
Click Settings button
-
Under Protected EAP Properties > when connecting, uncheck Validate server certificate
- If you want to validate the server certificate, please ensure DigiCert Certification Authority and http://valicert.com are checked on the Trusted Root Certification Authorities list. -
under select authentication method choose secured password (EAP-MSCHAP v2)
-
Click the Configure button
-
Uncheck Automatically use my Windows logon name
-
Click OK
Windows 10
- Click the Start menu.
- Search for Control Panel.
- Select the view by drop down in the top right hand corner and click large or small icons.
- Click Network and Sharing Center.
- Select Set up a new connection or network.
- Select Manually connect to a wireless network.
- Type the SSID name in the Network name field.
- Under Security type, select WPA2-Enterprise.
- Under Encryption type, select your encryption type from the drop down.
- Click Next.
- When Successfully added appears click Change connection settings.
- Select the Security tab.
- Click Advanced setting button.
- Under the 802.1X settings tab, check the box Specify authentication mode and select User Authentication from the drop down.
- Click OK.
- Go back to the Security tab, confirm Choose a network authentication method is set to EAP (PEAP).
- Click Settings button.
- Click OK.
- Under Protected EAP Properties, uncheck Validate server certificate
- if you do want to validate server certificate, please make sure DigiCert Certification Authority and http://valicert.com is checked in the Trusted Root Certification Authorities list.
- Click the Configure button.
- Uncheck Automatically use my Windows logon name.
- Click OK.
Apple macOS
- Go to System Preferences > Network > Wi-Fi
- Select the SSID from the network drop down
- Type in your username and password
- The username is the email address added under Network-wide > Users for the specific SSID
- Click Join
- Click Connect to trust the certificate and join the SSID If there is a certificate warning
- macOS may prompt for an administrator password to add an exception for the certificate
Android
- Go to Settings > Wi-Fi
- select Add network or select the SSID you created under WLAN if it is already showing.
- Choose PEAP from the EAP method drop-down menu.
- Choose MSCHAPV2 from the Phase 2 authentication drop-down menu.
- Choose Use system certificates under CA certificate.
- Choose Do not verify under Online certificate status.
- Type Meraki.com for the Domain.
- Type your username in the Identity field.
- The username is the email address added under Network-wide > Users for the specific SSID.
- Enter the password you configured for that user.
- Click Save.
Windows 8
Windows 8 will not attempt to automatically use local credentials for wireless connections unlike previous versions of Windows
- Navigate to the Desktop
- Click on the wireless network icon
- Select the SSID from the list
- Click Connect
- Enter the Username and Password using the email address added under Network-wide > Users for the specific SSID
- Click Connect
- If you see a certificate warning click Connect to trust the certificate and join the SSID
Chrome OS
- Click the Search button and type Network
- Under the Network section, click Wi-Fi
- Search and click the appropriate SSID
- Select PEAP as the EAP method
- Choose MSCHAPV2 from EAP Phase 2 authentication drop-down menu
- Type your username in the Identity field
- The username is the email address added under Network-wide > Users for the specific SSID
- Enter the Password
- Click Connect