Forescout and Meraki

Spaztibator
Here to help


We currently have Cisco ISE, but are looking at Forescout for 802.1x Authentication.  Does anybody have any experience with this?

 

Thanks,

Chris

Adam
Kind of a big deal

I haven't looked into Forescout but are you a Windows AD environment?  Can't you just use NPS on a Windows Server for 802.1x?  Seems to work fine in our environment. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

Adam,

We are doing so much more with Cisco ISE now. For non-standard devices, we are using MAC authentication and profiling. Management wants to move to Forescout, so I am wondering if anybody has used Meraki and Forescout.

CiscoKid14074
Conversationalist

We have done this successfully with Meraki and ForeScout.  ForeScout supports Meraki Wireless APs (MR) and Switches (MS) for authentication, authorization and guest management. This is provided via RADIUS and CoA with ForeScout CounterACT being the RADIUS/802.1x server.

 

For more information on CoA, take a look at the following documentation on Meraki’s portal (which mentions ForeScout): https://documentation.meraki.com/MR/Encryption_and_Authentication/Change_of_Authorization_with_RADIU...

-----

Thanks.  Are you using CoA with ForeScout?  Do you have the span port going to ForeScout?  Are you using an agent?

 

Sorry for the tons of questions.  If you don't want to put this all out in the forums, you can send me a PM.

 

Chris

 

Hey Chris,

 

We successfully tested RADIUS CoA on Meraki Wired & Wireless. We do provide SPAN to ForeScout to allow enhanced visibility, e.g. DNS, DHCP traffic. While we tested both, in the end we did not use the ForeScout agent, since we can do most of the endpoint assessment without it.

 

 

Hello CiscoKid14074, can you point me to some good documentation on how to integrate ISE 2.3 and Meraki Wired? I am looking for posture, dACL, redirect (for client provisioning), CoA for dynamic VLAN assignment. I'd appreciate it.
