MS filter-id support

Solved
GIdenJoe
Kind of a big deal

Hi all,

I recently saw an older vid about someone configuring ISE for MS switch authentication/authorization and I saw him using filter-ID to enforce an ACL on that session.

However, when I look at access policies I no longer see that combobox with filter-ID being available, nor have I found any relevant documentation that really explains it in detail.

My questions are:

- Are dashboard group policies still supported on 802.1X sessions on MS switches?
- What fields in the group policy are supported?
- I suspect setting dynamic VLANs on switches is only supported through the tunnel-private-id av-pair because you can actually enforce VLAN assignment on APs.
- Is the feature not supported on any of the MS120, MS125 series switches?

Thanks guys/gals.

1 Accepted Solution
Bruce
Kind of a big deal

@GIdenJoe I believe you are referring to the Group Policy ACL feature. From my understanding it's still in closed beta, although it was announced 6+ months ago. As you state, it uses the filter-ID RADIUS attribute to specify a Group Policy for an 802.1X session, and applies the firewall rules in that policy as a stateless ACL. I'm not sure that it applies anything else from the policy, although I haven't tried it and so can't be sure. With regard to switches, it's slated to only be available on the current MS210+ models, so not the MS120 or MS125.
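
For checking what the RADIUS server actually returns for a session, this added example (not from the thread and not Meraki or ISE code) parses an Access-Accept and pulls out the Filter-Id attribute and the standard RFC 3580 dynamic-VLAN attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID). The packet, the policy name `Guest-Policy` and VLAN `30` are constructed sample values; the Response Authenticator is not verified, and how a switch maps these values is outside what the code shows.

```python
import struct

# Attribute type numbers from RFC 2865 (Filter-Id) and RFC 2868 (tunnel attributes)
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PVT_GROUP = 11, 64, 65, 81
ACCESS_ACCEPT = 2

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def build_sample_accept():
    """Constructed Access-Accept; policy name and VLAN are made-up sample values."""
    attrs = (
        attr(FILTER_ID, b"Guest-Policy")
        + attr(TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big"))   # 13 = VLAN
        + attr(TUNNEL_MEDIUM, b"\x00" + (6).to_bytes(3, "big"))  # 6 = IEEE 802
        + attr(TUNNEL_PVT_GROUP, b"30")
    )
    header = struct.pack("!BBH16s", ACCESS_ACCEPT, 1, 20 + len(attrs), bytes(16))
    return header + attrs

def parse_authorization(packet):
    """Return the Filter-Id values and dynamic VLAN carried in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    result = {"filter_ids": [], "tunnel_type": None, "tunnel_medium": None, "vlan": None}
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("attribute length runs past the packet")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2 : pos + alen]
        if atype == FILTER_ID:
            result["filter_ids"].append(value.decode("utf-8", "replace"))
        elif atype in (TUNNEL_TYPE, TUNNEL_MEDIUM) and len(value) == 4:
            key = "tunnel_type" if atype == TUNNEL_TYPE else "tunnel_medium"
            result[key] = int.from_bytes(value[1:], "big")  # skip the tag octet
        elif atype == TUNNEL_PVT_GROUP and value:
            # A leading octet of 0x1F or below is a tag, not part of the string
            text = value[1:] if value[0] <= 0x1F else value
            result["vlan"] = text.decode("ascii", "replace")
        pos += alen
    # The group ID is a VLAN only when type/medium say "VLAN over 802" (RFC 3580)
    if (result["tunnel_type"], result["tunnel_medium"]) != (13, 6):
        result["vlan"] = None
    return result
```

Feeding it the raw UDP payload of an Access-Accept from a packet capture shows whether the filter name and VLAN the policy server was configured to send are really on the wire.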
