Is it possible to configure a dynamic vlan allocation via Cisco ISE (Radius Server) for wired clients (MAB/8021X) ? If I configured a SSID on Cisco MR & having an option "RADIUS override", to get the VLAN-ID from my RADIUS-Server. On Cisco Meraki Switches unable to find such any option. Do you guys know if the "RADIUS override" option (or something similar options) is configurable for wired clients on a Meraki MS-Switch?
Thanks @ww. I have referred this document but it is not working (getting error could find the authentication profile created for wired clients) so please provide any other solution & share some screenshot.
If you've referred to the document and you're still having problems, I have to ask: Have you consulted Meraki Support?
I've done a couple of deployments with wired 802.1x, except I use Microsoft NPS instead of ISE. In the cases I did I used a Cisco Meraki Access policy to specify the VLANs to use - rather than dynamically assigning them from RADIUS.
https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
The documentation says that dynamic VLAN assignment is supported though. Make sure you are passing all theee required parameters from ISE back to the switch (Tunnel-Medium-Type, Tunnel-Pvt-Group-ID and Tunnel-Type).
@PhilipDAth wrote:The documentation says that dynamic VLAN assignment is supported though. Make sure you are passing all theee required parameters from ISE back to the switch (Tunnel-Medium-Type, Tunnel-Pvt-Group-ID and Tunnel-Type).
That‘s a thing ISE does by default when returning a user defined VLAN
Still Dynamic Vlan assignment feature is not working with Cisco Meraki MS. Even I have configured the authorization profile & followed the instruction as received by PhilipDAth & applied it on Authorization policy. If I selected the default authorization profile "Permit Access" in authorization policy then it works. Means something is wrong with Authorization profile which is not working with Cisco Meraki MS. Please suggest if someone have any other solution for Dynamic Vlan assignment.
Error on Cisco ISE:
15011 | Authorization Policy not configured |
15019 | Could not find selected Authorization Profiles |
Event | 5400 Authentication failed |
Failure Reason | 15019 Could not find selected Authorization Profiles |
Root cause | Could not find selected Authorization Profiles |
Looks like ISE is not hitting the AuthZ / authorization policy as expected. Therefore it isn‘t able to return the profile. Nothing wrong on the Meraki side of things.
Do you have the instructions to implement wired 802.1x with dynamic VLANs ? Appreciate your help