Hello,
I am not sure if we can direct Meraki MX to look at ISE, and ISE to look at some database (users, auths, etc...? Access points currently installed are Cisco Aironet. I am trying to see what can/cannot ISE do with Mereki MX firewalls?
ISE is a RADIUS server. So you could use it for client VPN authentication. You could use it for splash page authentication. Can't think of anything else using RADIUS.
You can use ISE as a RADIUS server for 802.1x/EAP-on-LAN on the small branch MXs that support 802.1x on their LAN ports. The RADIUS for splash page, the splash pages are actually served from the dashboard shard infrastructure. Hence the RADIUS request actually comes from the dashboard, not the MX.
> that support 802.1x on their LAN ports
Note this is only the older small MXs ...
What are the "older small MXs?" the 64's?
>What are the "older small MXs?" the 64's?
MX64 and MX65 can do 802.1x on their LAN ports. The newer MX67 and MX68 can not.
I haven't been great about keeping up with all what models are available. I saw a couple other posts that talked about certain MXs not be able to do 802.1x and wasn't sure. Thanks for helping make it clearer for me.
All MX models support a splash page that authenticates against a RADIUS server. Enable the splash page and set it to authenticate against the ISE RADIUS server.
The MX64, MX65, MX64W, and MX65W support access policies including 802.1x. You can point the MX to authenticate the ports against the ISE RADIUS server:
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)
You can see the matrix of compatibility for MX on the document here: