What Is Cisco Meraki Access Manager (And Why You Need It)

Zero trust networking is no longer optional. As more devices connect from everywhere, IT teams need simple ways to authenticate users and endpoints without adding complex infrastructure.

That’s where Meraki Access Manager comes in.

💡 What Is Meraki Access Manager?

Meraki Access Manager is a cloud-native network access control (NAC) service, built right into the Cisco Meraki platform. It eliminates the need for external RADIUS servers, PKI infrastructure, or complicated on-premises setups.

Instead, you get:

• Cloud-Delivered NAC – Access control as-a-service

• Zero Trust Security – Authenticate every user and device before they connect

• Unified Management – Configure, monitor, and enforce policies directly in the Meraki dashboard

• Integrated Micro-Segmentation – Restrict lateral movement between devices to limit ransomware spread

• Scalability & High Availability – Built on Kubernetes with service clustering

In short: it’s the Meraki way of doing NAC, simple, scalable, and cloud-first.

🚀 Why You Need It

Traditional NAC can be painful. External RADIUS servers, VPN tunnels, load balancers, and certificate management make it expensive and hard to scale.

Access Manager fixes this by:

• Simplifying NAC → No more external RADIUS or on-prem hardware

• Cutting Costs → Delivered as a cloud service, so less infrastructure to buy and maintain

• Reducing Overhead → Manage policies in one place (the Meraki dashboard)

• Accelerating Zero Trust → Build and enforce segmentation policies faster

• Scaling with Your Network → Designed for high availability and horizontal scaling
  
  

And because it’s Meraki, it integrates seamlessly with your existing Meraki switches and access points.

🧩 How It Works

1. Endpoint connects → A device tries to join your network (wired or wireless).

2. Authentication request → AP or switch forwards the request to Access Manager services in the Meraki cloud over a secure AES256 tunnel.

3. Policy evaluation → Rules are checked against:

• User identity (from Entra ID / Azure AD and other IdPs)

• Endpoint details (certificates, MAC address, posture)

• Network context (SSID, VLAN, port)

4. Authorization applied → If a rule matches, Access Manager applies policy such as:

• Security Group Tag (SGT)

• VLAN assignment

• Group policy

• iPSK (identity pre-shared keys)

• Voice domain permission

The endpoint is now on the network, with the right level of access.

🔐 Authentication Methods Supported

• Certificate-based (EAP-TLS) – strongest option, integrates with external Certificate Authorities

• Username/password (EAP-TTLS/PAP) – with Entra ID lookup

• MAC Authentication Bypass (MAB) – for IoT, OT, or legacy devices

• iPSK (identity pre-shared key) – unique keys per device or group

Fallback mechanisms like critical VLAN or fail open ensure continuity if cloud services are unavailable.

🌍 Hardware Compatibility

Meraki Access Manager works with most Meraki MR access points and Meraki MS switches running the latest firmware:

• Switches: MS1XX, MS2XX, MS3XX, MS4XX, MS390, Cloud-Managed Catalyst (min MS17/CS17.1 firmware)

• APs: MR Wi-Fi 5 (Wave 2), MR Wi-Fi 6, MR Wi-Fi 6E, and upcoming Wi-Fi 7 models (min MR30.7 firmware)

📊 Use Cases

1. Managed Endpoints

Use certificate-based authentication with Azure AD lookup to assign VLANs, SGTs, or group policies.

2. User Authentication

Secure access with username/password auth tied to Entra ID attributes like job role, city, or department.

3. IoT & OT Devices

For devices that can’t do 802.1X, use MAC Authentication Bypass (MAB) or iPSK for secure onboarding.

🆓 Early Access & Licensing

Access Manager is currently in early access preview.

• Available free to all orgs during the preview (no license enforcement yet)

• Can be enabled under Organization > Early Access in the Meraki dashboard

• Licensing details for general availability will be announced soon

✅ Final Thoughts

Meraki Access Manager is Cisco’s answer to complex, outdated NAC systems. By moving it to the cloud, it:

• Removes the need for RADIUS servers and PKI headaches

• Centralizes management inside the Meraki dashboard

• Accelerates your zero trust journey with simple micro-segmentation

• Works seamlessly with your Meraki switches and access points

📦 Want to try it?

If Access Manager is available in your dashboard, enable it under Early Access and start testing, no extra license required (for now).