Access Manager and SmartPorts

Bucket

So the documentation for Access Manager was just released and it looks very cool. It supports access control through 802.1X and MAB, while SmartPorts profiles endpoints using OUI and LLDP/CDP. SmartPorts also configures both access and trunk ports.


How do these two features interact with each other, and which one takes precedence?


Are there any plans to consolidate Access Manager and SmartPorts policies into a unified, shared policy? With ISE, you can manage 802.1X, MAB, profiling, and more all in one centralized location.

3 Replies
Mloraditch

Given what they do, I would think they can generally coexist. The only thing they both can do to a port is define the access VLAN on a port. 

802.1X policies should take precedence over SmartPorts IMO, but perhaps someone from Meraki can confirm. Although I would imagine you can test now with ISE or another RADIUS server. I have to imagine from the switch side there is no difference in how it handles things. It's definitely still just using access policies on the ports, as that's shown in the documentation.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
GIdenJoe

A session should always take precedence over templated config.
There is talk that Access Manager will also be supporting some basic form of profiling, which is basically what SmartPorts do on the LLDP/MAC-only side.

Access Manager will be a licensed feature (either having advanced licensing on your Meraki hardware or a separate license if you don't have advanced). So the place for SmartPorts will be for people who do not want to pay for Access Manager. But once you have Access Manager it should completely supplant SmartPorts, since you can do all and more with Access Manager.

JeroenVercoulen

I've talked with Cisco about Access Manager, and our organisation is also one of the lucky ones to test this feature. I must say it's very easy to set up and will most likely be something that would be able to replace your ISE setup if you're only using the basic stuff. We've only tested MAB for now, but you can connect it to Entra ID, for example, to work with certificates and then do full 802.1X.
