Meraki

Community

Active Directory with layer 3 switch between MX and users

VincentD
Comes here often
‎Aug 18 2019 4:27 PM
‎Aug 18 2019 4:27 PM

Active Directory with layer 3 switch between MX and users

Hi,

 

Is it possible with MX to authenticate users who are behind a layer 3 switch (non meraki) ?

Is there some restrictions ? Did someone already tried to do this ?

 

Thanks for your help

VincentD
0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 18 2019 4:46 PM
‎Aug 18 2019 4:46 PM

The users have to be layer 2 adjacent to the MX and the MX acting as their default gateway.  The MX tracks the users by their MAC address.  When their is another device doing layer 3 routing the users still get the authentication prompt but the MX sees the MAC address of the layer 3 router instead.  So the first person works, but the second person will appear to be already signed in.

 

So this wont work.

0 Kudos
In response to PhilipDAth
VincentD
Comes here often
‎Aug 19 2019 5:36 AM
‎Aug 19 2019 5:36 AM

Is it the same problem if I put the MX in IP tracking (instead of MAC tracking) ?

VincentD
0 Kudos
In response to VincentD
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 19 2019 2:33 PM
‎Aug 19 2019 2:33 PM

I'm 90% sure you will, yes.  However I have not tried the authentication case.

 

I can tell you that group policy still uses MAC addresses when using the IP tracking option.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.