Overview
This document outlines the steps you will need to take to configure your Meraki wireless network for WPA2-Enterprise encryption with 802.1X authentication against your Google Apps domain. With this feature, your users will be able to use their Google Apps credentials to access your secure wireless network.
Supported Operating Systems
EAP-TTLS/PAP is required on client devices. The following operating systems have native support:
- iOS version 3.1.3 and higher.
- Mac OS X 10.4 and higher.
- Microsoft Windows 8 and higher.
- Microsoft Windows Phone 8.1 and higher.
- Google Chrome OS.
- Android version 2.1 and higher.
- Blackberry 6A and higher.
Other operating systems may enable support by installation of a certified third-party Encryption Control Protocol (ECP) client. OEM wireless adapter device drivers may also provide support.
Configuration
The following sections walk through configuration of 802.1X authentication with Google Auth.
Enable 2-factor Authentication in your Google Apps Domain
Please refer to Google's documentation regarding how to enable 2-factor auth.
- Users in your Google Apps domain will need to create an ‘App Specific Password.’
Please refer to Google's documentation for details. - The ‘App Specific Password’ will be the password used for WPA2-Enterprise login on the client devices.
Enable Single Factor Authentication
If you are not using 2-factor authentication on your Google Apps Domain, you can also enable users to connect with their Google username and password.
- Login to admin.google.com
- Click on Security > Basic Settings > Go to settings for less secure apps
- To require your users to use an application specific password, select Disable access to less secure apps
- To allow individual users to enable Google login without 2-factor auth, select Allow users to manage their access
- To enable all users to support Google login without 2-factor auth, select Enforce access to less secure apps
If you allow users to enable this feature, you can provide them the following instructions to login with their Google username and password.
- Login to google.com and sign in to your Google Apps account.
- In top right and open up the circular image. Click ‘My Account’
- Choose Sign-in & security > Then Signing in to Google
- Scroll down and enable ‘Allow less secure apps’
Why does Google specify this as less secure? Google categorizes all authentication based on the source and determines if it is coming from a Google product. By default, Google does not accept sign-ins from a non-Google source such as the Meraki access points.
Contact Meraki to Enable this Feature
Contact Meraki Support to request activation of the Google Apps 802.1X Authentication feature on one Meraki network or your entire Meraki organization.
Enable WPA2-Enterprise with Google from Meraki Dashboard
- In Dashboard, go to Wireless > Configure > Access control.
- Select the desired SSID for this feature.
- Under Network access > Association requirements, select WPA2-Enterprise with Google
- Enter your Google Apps domains into Allowed domains. To configure multiple domains, simply separate them by a space (e.g. example1.com example2.com example3.com).
(Optional) Configure your Client Devices to use EAP-TTLS+PAP
Please refer to our documentation on configuring EAP-TTLS + PAP on Mac OS X/iOS or Microsoft Windows.
