Meraki MX64 and Cisco ISE port authentication

Nolan
Getting noticed

Meraki MX64 and Cisco ISE port authentication

So we're deploying out some MX64's for remote worker use. My boss asked me to set a "sticky mac" on the ports so the users could only use approved devices. I know what he's after but I can't do it quite the way he was thinking. It seems to me like this would have to be done using a RADIUS server. Anyone know for sure if I can use ISE to work as the radius server and do port auth with either 802.1x or mac auth? 

 

I've tried looking around at various posts and documentation and I'm getting mixed results. Also if anyone does know for sure it can be done do you happen to know of any good documentation on configuring the ISE side of things? It's been on my to do list to learn more about ISE but I haven't really jumped into it yet so I'm fairly unfamiliar. I found some nice documentation on Cisco's site and it has sections talking about configuring wired 802.1x but only mentions the switches, would the MX's follow pretty much the same setup?

 

Thanks in advance for any help anyone can shed on this topic for me.

2 Replies 2
ww
Kind of a big deal
Kind of a big deal

Yes you can authenticate ports on mx64 using  a radius  server.  If you set the Port to access on the port setting itself you can configure the radius  server ip and port.

 

Other  option is to deny  al outgoing  traffic in the firewall and then  whitelist the  specific client

PhilipDAth
Kind of a big deal
Kind of a big deal

You can't use stick mac's on an MX64.

 

But if you are using 802.1x authentication then only authentication devices can attach anyway.  802.1x is like an improvement over stick mac.

Get notified when there are additional replies to this discussion.