Meraki

Community

Forescout and Meraki

Spaztibator
Here to help
‎Nov 27 2017 6:47 AM
‎Nov 27 2017 6:47 AM

Forescout and Meraki

We currently have Cisco ISE, but are looking at Forescout for 802.1x Authentication.  Does anybody have any experience with this?

 

Thanks,

Chris

0 Kudos
6 Replies 6
Adam
Kind of a big deal
‎Nov 27 2017 8:22 AM
‎Nov 27 2017 8:22 AM

I haven't looked into Forescout but are you a Windows AD environment?  Can't you just use NPS on a Windows Server for 802.1x?  Seems to work fine in our environment. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
Spaztibator
Here to help
‎Nov 27 2017 8:47 AM
‎Nov 27 2017 8:47 AM

Adam,

We are doing so much more with Cisco ISE now.  For non standard devices, we are using MAC authentication and profiling.  Management wants to move to Forescout, so I am wondering if anybody has used Meraki and Forescout. 

0 Kudos
CiscoKid14074
Conversationalist
‎Dec 1 2017 4:36 AM
‎Dec 1 2017 4:36 AM

We have done this successfully with Meraki and ForeScout.  ForeScout supports Meraki Wireless APs (MR) and Switches (MS) for authentication, authorization and guest management. This is provided via RADIUS and CoA with ForeScout CounterACT being the RADIUS/802.1x server.

 

For more information on the CoA and take a look at the following documentation on Meraki’s portal (which mentions ForeScout): https://documentation.meraki.com/MR/Encryption_and_Authentication/Change_of_Authorization_with_RADIU...

-----

In response to CiscoKid14074
Spaztibator
Here to help
‎Dec 5 2017 8:05 AM
‎Dec 5 2017 8:05 AM

Thanks.  Are you using CoA with ForeScout?  Do you have the span port going to ForeScout?  Are you using an agent?

 

Sorry for the tons of questions.  If you don't want to put this all out in the forums, you can send me a PM.

 

Chris

 

0 Kudos
In response to Spaztibator
CiscoKid14074
Conversationalist
‎Dec 28 2017 6:25 AM
‎Dec 28 2017 6:25 AM

Hey Chris,

 

We successfully tested RADIUS CoA on Meraki Wired & Wireless.   We do provide SPAN to ForeScout to allow enhanced visibility, e.g. DNS, DHCP traffic.   While we tested both in the end we did not use the ForeScout agent, since we can do most of the endpoint assessment without it.

 

 

0 Kudos
In response to CiscoKid14074
ruizman
New here
‎Mar 20 2018 1:09 PM
‎Mar 20 2018 1:09 PM

Hello CiscoKid14074, can you point me to some good documentation on how to integrate ISE 2.3 and Meraki Wired? I am looking for posture, dACL, redirect (for client provisioning), CoA for dynamic VLAN assignment. I'd appreciate it.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.