Please clarify this for me. You are adding a public IP address to Meraki for the Radius server but not selecting "RadSec," so how is the connection secured? My understanding is that radius auth via the WAN is not an encrypted connection unless you are using a VPN or RadSec.
EAP-TLS creates a TLS tunnel by default using the server and client certificate. If you are using EAP-TTLS then it is encrypted using the server certificate. We have a video explaining that here: ua-cam.com/video/A-rNeYL9BUI/v-deo.html
We have tested this feature, it is working fine on windows, android devices, however, it is not working on iPhones, it seems the iPhones doesn't support EAP-TTLS/PAP by default, any workaround for this?
Hi, yes there is, you must create a profile for the iPhone, www.keytos.io/docs/cloud-radius/setup-radius-in-mdm/in-device/#how-to-configure-eap-ttlspap-on-macos-for-radius-authentication-with-entra-id-passwords
Unfortunately not, this is for username and password authentication. For a more secure authentication we recommend using certificates issued by your MDM ua-cam.com/video/LV6gN15QWLI/v-deo.html
Please clarify this for me. You are adding a public IP address to Meraki for the Radius server but not selecting "RadSec," so how is the connection secured? My understanding is that radius auth via the WAN is not an encrypted connection unless you are using a VPN or RadSec.
EAP-TLS creates a TLS tunnel by default using the server and client certificate. If you are using EAP-TTLS then it is encrypted using the server certificate. We have a video explaining that here: ua-cam.com/video/A-rNeYL9BUI/v-deo.html
We have tested this feature, it is working fine on windows, android devices, however, it is not working on iPhones, it seems the iPhones doesn't support EAP-TTLS/PAP by default, any workaround for this?
Hi, yes there is, you must create a profile for the iPhone, www.keytos.io/docs/cloud-radius/setup-radius-in-mdm/in-device/#how-to-configure-eap-ttlspap-on-macos-for-radius-authentication-with-entra-id-passwords
Hi there, Will this work for Entra ID accounts that have MFA?
Unfortunately not, this is for username and password authentication. For a more secure authentication we recommend using certificates issued by your MDM ua-cam.com/video/LV6gN15QWLI/v-deo.html