Active Directory with layer 3 switch between MX and users

VincentD
Comes here often

Active Directory with layer 3 switch between MX and users

Hi,

 

Is it possible with MX to authenticate users who are behind a layer 3 switch (non meraki) ?

Is there some restrictions ? Did someone already tried to do this ?

 

Thanks for your help

VincentD
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

The users have to be layer 2 adjacent to the MX and the MX acting as their default gateway.  The MX tracks the users by their MAC address.  When their is another device doing layer 3 routing the users still get the authentication prompt but the MX sees the MAC address of the layer 3 router instead.  So the first person works, but the second person will appear to be already signed in.

 

So this wont work.

VincentD
Comes here often

Is it the same problem if I put the MX in IP tracking (instead of MAC tracking) ?

VincentD
PhilipDAth
Kind of a big deal
Kind of a big deal

I'm 90% sure you will, yes.  However I have not tried the authentication case.

 

I can tell you that group policy still uses MAC addresses when using the IP tracking option.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels