Meraki Wifi style Sentry / 802.1x on wired LAN?

BorisT
Conversationalist

Hello all, I am trying to reproduce a security configuration on our Meraki wireless on a wired network that would consist of regular Cisco switches and, I assume, a single-armed Meraki MX. I am wondering if it is in any way possible (see attached). Basically, the end result of this configuration: any device that is on our Meraki MDM is allowed to access this SSID via certificate authentication; all other devices receive a login prompt (that only has admin users anyway), and even then it only allows MDM enrollment, effectively blocking all non-enrolled devices.

PhilipDAth
Kind of a big deal

I don't know of a way.

A possible solution is to use 802.1x authentication (which can use certificates) to validate that computers are domain members before connecting them.

MRCUR
Kind of a big deal

Wired MS support for Sentry 802.1X is coming in MS firmware 10.X, which is currently available as a beta. It does not currently support Windows, however (so I guess it's only Mac currently). This would require MS switches though.

I don't believe it's possible to achieve what you're looking to do without using MS switches and the new Sentry support.

MRCUR | CMNO #12
aws_architect
Building a reputation

@MRCUR did you give it a try? Does it work on your MacOS?

Thank you

Br

aws_architect
Building a reputation

@MRCUR Did you give it a try? Any feedback on MacOS?

Thank you

Br

MRCUR
Kind of a big deal

@aws_architect No, sorry, we don't use wired 802.1x anywhere currently.

MRCUR | CMNO #12
VictorC
Meraki Employee

This is definitely possible if you are also using Cisco ISE. The idea is that Cisco ISE can talk to Meraki Systems Manager to see what devices are currently provisioned and secure, then providing access to that device via 802.1x.

More information can be found here:

https://communities.cisco.com/docs/DOC-68324
