Meraki SM Is Being Discontinued. Here’s What That Means for Your WiFi.
An honest look at what you lose with Meraki SM end-of-sale and how IronWiFi fills the WiFi authentication gap — without replacing your Meraki hardware.
What’s Actually Happening
Cisco announced on December 3, 2025 that Meraki Systems Manager is being discontinued. Due to limited growth and ongoing operational costs, Cisco is exiting the MDM market entirely.
Key Dates You Need to Know
End-of-sale announced: December 3, 2025
Last day to purchase new licenses: June 3, 2026
Support ends: June 3, 2029
Cisco’s MDM recommendation: Ivanti Neurons for MDM
For the MDM piece — app deployment, device inventory, remote wipe — Cisco has partnered with Ivanti. But SM also handled WiFi authentication, certificate distribution, and network access policies. That’s where most MDM replacements leave a gap.
IronWiFi fills that specific gap: cloud RADIUS authentication, SCEP certificate deployment, and device trust verification that works with your existing Meraki APs and whatever MDM you choose next.
What SM Did for WiFi (That You Need to Replace)
Meraki SM wasn’t just an MDM — it also handled several WiFi-related functions. Here’s how the responsibilities split when you migrate:
IronWiFi Handles (WiFi Authentication Layer)
- RADIUS authentication — 802.1X with EAP-TLS, PEAP, TTLS for WPA2/WPA3-Enterprise
- Certificate deployment — Cloud SCEP gateway pushes WiFi certs through your MDM (no NDES)
- Device trust & posture — Verify MDM compliance before granting network access
- Identity provider integration — Entra ID, Okta, Google Workspace, Active Directory, LDAP
- Network access policies — VLAN assignment, conditional access, role-based rules
Your New MDM Handles (Device Management Layer)
- App deployment and management
- Device inventory and tracking
- Remote wipe and lock
- OS update policies
- Compliance enforcement (feeds into IronWiFi device trust)
Side-by-Side: Meraki SM vs IronWiFi for WiFi
| Capability | Meraki SM | IronWiFi |
|---|---|---|
| WiFi RADIUS Authentication | Basic (dashboard-bound) | ✓ Full cloud RADIUS (6 regions) |
| Certificate Deployment | Via SM MDM profiles | ✓ Cloud SCEP (works with any MDM) |
| Device Posture / Trust | SM compliance policies | ✓ MDM-agnostic posture checks |
| Identity Sources | Meraki dashboard | ✓ Entra ID, Okta, Google, AD, LDAP |
| AP Vendor Support | Meraki only | ✓ 200+ vendors including Meraki |
| High Availability | Single region | ✓ 6 global regions, built-in HA |
| Monitoring & Logs | Dashboard analytics | ✓ Real-time dashboard + exportable |
| Future Development | × Discontinued | ✓ Active development |
What IronWiFi Doesn’t Replace (And We’re Upfront About It)
IronWiFi is not an MDM. We don’t do app management, remote wipe, device inventory, or OS update policies. If you need those capabilities — and most organizations do — pair IronWiFi with one of these:
- Microsoft Intune — Best if you’re already in the Microsoft ecosystem
- Jamf Pro — Best for Apple-heavy environments
- Ivanti Neurons for MDM — Cisco’s recommended SM replacement
- VMware Workspace ONE — Strong for multi-platform enterprises
IronWiFi integrates with all of them. Your MDM handles device management; IronWiFi handles WiFi authentication. Together, they fully replace what Meraki SM did.
How to Migrate Your WiFi Auth from Meraki SM
Most teams complete this in under an hour. You can run IronWiFi alongside SM during the transition for zero downtime.
Step 1: Configure IronWiFi as Your RADIUS Server
In the Meraki Dashboard, go to Wireless > Access Control and add IronWiFi as an external RADIUS server. This takes about 5 minutes per SSID. Your Meraki APs now authenticate against IronWiFi’s cloud RADIUS.
Step 2: Connect Your Identity Provider
Link IronWiFi to your existing identity provider — Microsoft Entra ID, Okta, Google Workspace, or Active Directory. Your users and groups sync automatically.
Step 3: Deploy Certificates via Your New MDM
Create a SCEP profile in Intune, Jamf, or Ivanti pointing to IronWiFi’s cloud SCEP gateway. Certificates deploy automatically to managed devices — no NDES infrastructure required.
Step 4: Cut Over
Once everything is verified, remove SM from the authentication path. Your users authenticate the same way they always did — they won’t notice the switch.
The Bottom Line
If your Meraki SM was mainly handling WiFi authentication, certificates, and network access — IronWiFi is a straightforward replacement that keeps your existing Meraki infrastructure intact. Pair it with your new MDM and you’re covered.
Frequently Asked Questions
Is Cisco really discontinuing Meraki Systems Manager?
Yes. Cisco announced the end-of-sale on December 3, 2025. The last day to purchase new 1-year and 3-year licenses is June 3, 2026. Support continues until June 3, 2029, but no new features will be developed. Cisco has partnered with Ivanti for MDM, but the WiFi authentication piece needs its own solution.
Does IronWiFi replace everything Meraki SM does?
No, and we’re upfront about that. IronWiFi replaces the WiFi authentication and network access control capabilities — RADIUS, certificate deployment, device trust. For the MDM side (app management, remote wipe, device inventory), you’ll want Microsoft Intune, Jamf, or Ivanti. IronWiFi integrates with all of them.
Will my Meraki access points still work with IronWiFi?
Absolutely. IronWiFi works as an external RADIUS server that you configure in the Meraki Dashboard under Wireless > Access Control. Your MR, MX, and MS hardware continues to operate exactly as before — you’re just pointing RADIUS to the cloud instead of SM.
How long does migration take?
Most teams complete the migration in under an hour. The main steps are: point your Meraki RADIUS settings to IronWiFi (5 minutes per SSID), connect your identity provider, and deploy certificates via your MDM’s SCEP profile. You can run IronWiFi alongside SM during transition for zero downtime.
Ready to Replace Meraki SM WiFi Auth?
Start your free trial — keep your Meraki APs, upgrade your WiFi authentication.
Start Free Trial Schedule a Call