Meraki MX support CoA with Cisco ISE?

Solved
MakaraMEAS
Getting noticed

Meraki MX support CoA with Cisco ISE?

Dear Experts,


I configured MAB and Integrate MX with ISE but I cannot find option CoA configuration on Meraki MX.
Without this Authentication and Authorization is not effective to clients. It is support CoA with MAB authentication and authorization by Meraki MX and ISE or not?

 

Thanks you,

Makara(Mr.)

M.MAKARA
1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal

I just got an answer from Support: RADIUS-Authorisation is not supported at all on the MX, only Authentication. Ignoring the VLAN-attribute that is sent by the RADIUS server is the expected behaviour.

I just added feedback on this topic on the dashboard.

View solution in original post

11 Replies 11
MakaraMEAS
Getting noticed

From my testing, need to attach Group Policy to VLAN then after authentication success MX will apply Group Policy to that VLAN.

M.MAKARA
KarstenI
Kind of a big deal
Kind of a big deal

The MX doesn't do CoA. But you can still do Authentication and Authorization without.

 

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

 

It is required to use with MAB, and endpoint (like IoT or CCTV) connect directly to Meraki MX.

M.MAKARA
KarstenI
Kind of a big deal
Kind of a big deal

I just tested it, and you are right that it doesn't work. But that is not because of CoA. It just seems that the MX is ignoring the RADIUS attribute for the VLAN. I am not 100% sure, but I think I have done this previously (on older MX versions) and it worked. Best to open a support case.

GIdenJoe
Kind of a big deal
Kind of a big deal

Hmm if you want usecases like that I think you will require a switch to do that.

KarstenI
Kind of a big deal
Kind of a big deal

I also opened a Case for this and at least the Supporter didn't directly say that it is not supported. Let's see what comes out of this.

KarstenI
Kind of a big deal
Kind of a big deal

I just got an answer from Support: RADIUS-Authorisation is not supported at all on the MX, only Authentication. Ignoring the VLAN-attribute that is sent by the RADIUS server is the expected behaviour.

I just added feedback on this topic on the dashboard.

@KarstenIThank you so much for your great answer.

M.MAKARA
CptnCrnch
Kind of a big deal
Kind of a big deal

Thanks for the reminder @KarstenI. That's one of the things I'm going to address at Cisco Live next month.

KarstenI
Kind of a big deal
Kind of a big deal

The most pressing problem on the MX is IMO still the missing inbound filter for L2L-VPN traffic. 

CptnCrnch
Kind of a big deal
Kind of a big deal

Also a great one. It'll be added to my list 😉

Get notified when there are additional replies to this discussion.