ISE integration with MX firewall

Slider
Getting noticed

ISE integration with MX firewall

Hello,

 

I am not sure if we can direct Meraki MX to look at ISE, and ISE to look at some database (users, auths, etc...? Access points currently installed are Cisco Aironet. I am trying to see what can/cannot ISE do with Mereki MX firewalls?

HM
8 REPLIES 8
PhilipDAth
Kind of a big deal

Re: ISE integration with MX firewall

ISE is a RADIUS server.  So you could use it for client VPN authentication.  You could use it for splash page authentication.  Can't think of anything else using RADIUS.

Slider
Getting noticed

Re: ISE integration with MX firewall

Thanks, so MX with splash page for guest wireless users (aironet ap's) can integrate with ISE to collect and show data? I am trying to determine the integrity MX has with ISE.
HM
spadefist
Meraki Employee

Re: ISE integration with MX firewall

You can use ISE as a RADIUS server for 802.1x/EAP-on-LAN on the small branch MXs that support 802.1x on their LAN ports.  The RADIUS for splash page, the splash pages are actually served from the dashboard shard infrastructure.  Hence the RADIUS request actually comes from the dashboard, not the MX. 

PhilipDAth
Kind of a big deal

Re: ISE integration with MX firewall

> that support 802.1x on their LAN ports

 

Note this is only the older small MXs ...

Nolan
Getting noticed

Re: ISE integration with MX firewall

What are the "older small MXs?" the 64's?

PhilipDAth
Kind of a big deal

Re: ISE integration with MX firewall

>What are the "older small MXs?" the 64's?

 

MX64 and MX65 can do 802.1x on their LAN ports.  The newer MX67 and MX68 can not.

Nolan
Getting noticed

Re: ISE integration with MX firewall

I haven't been great about keeping up with all what models are available. I saw a couple other posts that talked about certain MXs not be able to do 802.1x and wasn't sure. Thanks for helping make it clearer for me.

colinster
Getting noticed

Re: ISE integration with MX firewall

 

All MX models support a splash page that authenticates against a RADIUS server. Enable the splash page and set it to authenticate against the ISE RADIUS server.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Configuring_RADIUS_A...

 

 

The MX64, MX65, MX64W, and MX65W support access policies including 802.1x. You can point the MX to authenticate the ports against the ISE RADIUS server:

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

 

 

You can see the matrix of compatibility for MX on the document here:

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/361...

Colin Lowenberg
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi, the therapy dog service, and Lowenberg Labs, an IT consulting company.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels