Meraki MAB and ISE profiling using DHCP attributes

kainester
Conversationalist

We have an issue with DHCP attributes not making it to ISE before they are hitting the default deny. Since the endpoint is new, ISE does not receive the DHCP attributes to put them in the right endpoint profile. Is there a way to allow DHCP through to ISE before the authorization from ISE?

I tested the policy set in ISE and changed the default to access allow, and I can see the DHCP attributes populated in the endpoint and get the correct profile. Is there an open authentication method and CoA from ISE or the MS switch that can resolve this issue?

1 Reply
GIdenJoe
Kind of a big deal

I'm not sure Meraki supports monitor mode or partial access mode like Catalysts do.

However, if you're using MS210 or higher and running beta, you could get access to the new support for the filter-ID attribute.

Then you could allow the client before DHCP profiling but apply an ACL through filter-ID (uses a Meraki group policy) that only allows UDP/67 and 68. Then trigger a CoA with a new authorization allowing full access.
