wired/Wireless/device administration using ISE and DUO and meraki MX 250

Comes here often

wired/Wireless/device administration using ISE and DUO and meraki MX 250

Hi Guys,


We need some advise as what are the best practices to integrate EAP-TLS or EAP based authentication for meraki MX 250. I reviewed the documentation so ISE integration using radius is straight forward.


We would like to if EAP TLS option is automatically done by meraki or we need to manually add a cert on meraki end, also does ISE and Endpoint needs to have the same cert or it is not needed.


What are the specific limitations in terms of use case for profiling and posturing as it only says limited.



We will also add DUO MFA so not sure if EAP TLS would cause a problem as DUO only supports PEAP and MS CHAPv2 , from  my understanding DUO would only communicate to AD for authentication of the user, are there any documents which explains entire workflow with ISE + DUO using Meraki VPN.





3 Replies 3
Kind of a big deal
Kind of a big deal

EAP-TLS is an authentication method.  What context are you using this in?  What is the authentication being used for?


Not enough information to help.

Hi Philip, 


I was reading somewhere that there is some option called sentry on Meraki for EAP TLS, I need clarity whether I need to generate a CSR and get a CA signed cert on Meraki as I would be using the same CA for ISE nodes and my endpoints.


The objective is DOT1x for wired/wireless and MAB profiling/posturing etc.





Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.