Meraki

Nolan · ‎Mar 25 2020

So we're deploying out some MX64's for remote worker use. My boss asked me to set a "sticky mac" on the ports so the users could only use approved devices. I know what he's after but I can't do it quite the way he was thinking. It seems to me like this would have to be done using a RADIUS server. Anyone know for sure if I can use ISE to work as the radius server and do port auth with either 802.1x or mac auth?

I've tried looking around at various posts and documentation and I'm getting mixed results. Also if anyone does know for sure it can be done do you happen to know of any good documentation on configuring the ISE side of things? It's been on my to do list to learn more about ISE but I haven't really jumped into it yet so I'm fairly unfamiliar. I found some nice documentation on Cisco's site and it has sections talking about configuring wired 802.1x but only mentions the switches, would the MX's follow pretty much the same setup?

Thanks in advance for any help anyone can shed on this topic for me.

ww · ‎Mar 25 2020

Yes you can authenticate ports on mx64 using a radius server. If you set the Port to access on the port setting itself you can configure the radius server ip and port.

Other option is to deny al outgoing traffic in the firewall and then whitelist the specific client

PhilipDAth · ‎Mar 25 2020

You can't use stick mac's on an MX64.

But if you are using 802.1x authentication then only authentication devices can attach anyway. 802.1x is like an improvement over stick mac.

Meraki

Community

Meraki MX64 and Cisco ISE port authentication

Meraki MX64 and Cisco ISE port authentication