- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Meraki MX support CoA with Cisco ISE?
Dear Experts,
I configured MAB and Integrate MX with ISE but I cannot find option CoA configuration on Meraki MX.
Without this Authentication and Authorization is not effective to clients. It is support CoA with MAB authentication and authorization by Meraki MX and ISE or not?
Thanks you,
Makara(Mr.)
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just got an answer from Support: RADIUS-Authorisation is not supported at all on the MX, only Authentication. Ignoring the VLAN-attribute that is sent by the RADIUS server is the expected behaviour.
I just added feedback on this topic on the dashboard.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From my testing, need to attach Group Policy to VLAN then after authentication success MX will apply Group Policy to that VLAN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The MX doesn't do CoA. But you can still do Authentication and Authorization without.
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is required to use with MAB, and endpoint (like IoT or CCTV) connect directly to Meraki MX.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tested it, and you are right that it doesn't work. But that is not because of CoA. It just seems that the MX is ignoring the RADIUS attribute for the VLAN. I am not 100% sure, but I think I have done this previously (on older MX versions) and it worked. Best to open a support case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm if you want usecases like that I think you will require a switch to do that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also opened a Case for this and at least the Supporter didn't directly say that it is not supported. Let's see what comes out of this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just got an answer from Support: RADIUS-Authorisation is not supported at all on the MX, only Authentication. Ignoring the VLAN-attribute that is sent by the RADIUS server is the expected behaviour.
I just added feedback on this topic on the dashboard.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reminder @KarstenI. That's one of the things I'm going to address at Cisco Live next month.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The most pressing problem on the MX is IMO still the missing inbound filter for L2L-VPN traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also a great one. It'll be added to my list 😉
