Hello all, I wanted to get a better understanding of how this works:
https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
On Wi-Fi it’s obviously pretty easy now to set up an SSID that does automatic 802.1X authentication for any device on any OS that is enrolled in Meraki MDM (and place self-enrollment behind a login users don’t have) and a separate SSID for guest users.
All of our desktops/mobile are in the Meraki MDM.
I was hoping to do the same thing on (at least) some subset of our LAN ports:
- Allow Ethernet devices enrolled in our MDM to have access and restrict anything else (Mac and PC!)
Or more ideally:
- Allow Ethernet devices enrolled in our MDM to have access and dump anything else on a guest VLAN (Mac and PC!)
I don’t have Meraki switches yet, nor do I plan to invest in Cisco ISE at the moment.
If I hang an MS switch off non-Meraki switching, would I be able to use the Sentry/802.1X capability on a specific VLAN (and perhaps be able to use the “guest” VLAN) with single host mode? When looking at settings on a test dashboard network this seems to be the case?
Looking at capabilities, in *THEORY* the same thing is possible if running the relevant ports through something like an MR30H? Or perhaps via one of the MX appliances?
Depending on the scenario/cost we could probably wire the ports in question directly.
(edit, an old thread with screenshot of the wifi network I would like to duplicate: https://community.meraki.com/t5/Security-SD-WAN/Meraki-Wifi-style-Sentry-802-1x-on-wired-LAN/m-p/518... )
Thanks