wired/Wireless/device administration using ISE and DUO and meraki MX 250

securityninja
Comes here often

Hi Guys,

We need some advice on the best practices for integrating EAP-TLS or EAP-based authentication for the Meraki MX 250. I reviewed the documentation, so ISE integration using RADIUS is straightforward.

We would like to know if the EAP-TLS option is done automatically by Meraki or if we need to manually add a cert on the Meraki end. Also, do ISE and the endpoint need to have the same cert, or is that not needed?

 

What are the specific limitations in terms of use cases for profiling and posturing, as it only says limited?

We will also add DUO MFA, so we are not sure if EAP-TLS would cause a problem, as DUO only supports PEAP and MS-CHAPv2. From my understanding, DUO would only communicate with AD for authentication of the user. Are there any documents which explain the entire workflow with ISE + DUO using Meraki VPN?

 

 

Regards,

Sam

3 Replies

Inderdeep
Kind of a big deal

PhilipDAth
Kind of a big deal

EAP-TLS is an authentication method. What context are you using this in? What is the authentication being used for?

Not enough information to help.

securityninja
Comes here often

Hi Philip,

I was reading somewhere that there is some option called Sentry on Meraki for EAP-TLS. I need clarity on whether I need to generate a CSR and get a CA-signed cert on Meraki, as I would be using the same CA for ISE nodes and my endpoints.

 

The objective is DOT1x for wired/wireless and MAB profiling/posturing etc.

 

 

Regards.

Sam
