Cisco ISE 2.4 with Meraki MS mab authentification

doerki
Comes here often

Cisco ISE 2.4 with Meraki MS mab authentification

hello everyone 

 

 

we want to migrate our cisco switch infrastructure into a meraki infrastructure. But at this moment i can`t authentificate clients or devices by MAC adresse with the ISE 2.4 

 

The client gets from the ISE the right vlan but the switch doesn`t get these information. 

 

11001Received RADIUS Access-Request
11017RADIUS created a new session
11027Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049Evaluating Policy Group
15008Evaluating Service Selection Policy
15041Evaluating Identity Policy
15013Selected Identity Source - Internal Endpoints
24209Looking up Endpoint in Internal Endpoints IDStore - 48:7A:55:03:FE:81
24211Found Endpoint in Internal Endpoints IDStore
22037Authentication Passed
24715ISE has not confirmed locally previous successful machine authentication for user in Active Directory
15036Evaluating Authorization Policy
15016Selected Authorization Profile - VLAN_242_full-access
11002Returned RADIUS Access-Accept

 

802.1x works fine with the MS Switches. 

 

plz let me now if someone can help me

 

 

kind regards

 

christian

1 Reply 1
jcottage
Here to help

Can you share the contents of the Authorization Profile sent from ISE to the switch.

 

It should match whats in this KB:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(...

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels