Home > Enterprise Mobility Management > Other Topics > Configuring EAP-TLS Wireless Authentication with Systems Manager Sentry Wifi

Configuring EAP-TLS Wireless Authentication with Systems Manager Sentry Wifi

Systems Manager Sentry Wi-Fi security provides automatic certificate-based EAP-TLS configuration in just a few clicks, eliminating the need for the use of a certificate authority (CA) and the additional management required for each device and user.

This article outlines how to integrate SM Sentry with Cisco Meraki MR access points for EAP-TLS wireless authentication.

Use Case

Commonly, network administrators want to configure different settings for corporate owned devices, employee owned devices, and guests. Each group of users will likely have their own separate SSID, with an additional SSID for onboarding:


Use Case

Default SSID Policy


Corporate-owned devices only

Full access on Corporate VLAN


Employee-owned devices

Limited Corporate access

Some apps optionally limited

Higher bandwidth than Guest


All others

Filtered Internet

Rate limit

No corporate devices


Onboarding to Corp network only

Restricted to onboarding

Configuring EAP-TLS using Systems Manager Sentry WiFi Security

The following instructions explain how to apply EAP-TLS to corporate-owned devices tagged as "Corp" in our example network.

  1. In Dashboard, navigate to Wireless > Configure > SSID and enable/name each SSID.
    The example image below shows four SSIDs: SL-corp, SL-byod, SL-guest and SL-corp-onboarding:
  2. Navigate to Wireless > Configure > Access Control:
  3. Select the device tags to be associated with EAP-TLS. This automatically creates a Systems Manager profile for the SL-corpSSID to use EAP-TLS and installs a client certificate from the Dashboard for each client (this profile will not appear under MDM > Settings).EAP3.png
  4. Click Save Changes. EAP-TLS is now configured for all tagged corp devices:EAP4.png

You must to post a comment.
Last modified
15:01, 2 Aug 2016


This page has no custom tags.


This page has no classifications.

Article ID

ID: 5247

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case