Meraki

Community

Cisco NAC for a campus

SteveHen
Conversationalist
yesterday
yesterday

Cisco NAC for a campus

Hi,

 

Please can I get some understanding for potential solutions for a problem with NAC using ISE. I have Meraki switches and the L3 is held on the SD WAN devices. Currently various client vlans but moving to NAC what are the options for the client vlan. NAC will place a client into a user vlan. This will centrally from my understanding place the port into a single vlan number across the estate. Where I have  large site across multiple buildings I do not really want to have a single vlan 10 for all client connections that would need to be a /22 for the number of clients. This could cause some STP issues that I would like to avoid.

 

Thanks, Steve

Labels:
0 Kudos
4 Replies 4
Mloraditch
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Named VLANs and profiles would be the solution for, you can use names in ISE and then apply different vlan numbers to groups of switches for the same name
 https://documentation.meraki.com/Switching/MS_-_Switches/Design_and_Configure/Configuration_Guides/P...
https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Design_and_Configure/C...

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

This is the way.

In response to Mloraditch
DarrenOC
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Definitely another upvote for this one 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

If you avoid a single VLAN across multiple buildings, use Rapid STP (RSTP) or MSTP for interoperability.
Meraki MS switches run single-instance MSTP, essentially Rapid STP and avoid PVST or vendor-specific STP variants.

 

Take a look about Meraki and ISE integration.

 

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.