Meraki MAB and ISE profiling using DHCP attributes


Meraki MAB and ISE profiling using DHCP attributes

We have an issue with DHCP attributes not making to ISE before they are hitting the default deny.  Since the endpoint is new,  ISE does not received the DHCP attributes to put them in the right endpoint profile.  Is there a way to allow DHCP through to ISE before the authorization from ISE.     


I test the policy set in ISE and change the default to access allow and I can see the DHCP attributes populated in the endpoint and get the correct profile.  Is there an open authentication method and COA from ISE or MS switch that can resolve this issue?

Kind of a big deal

Re: Meraki MAB and ISE profiling using DHCP attributes

I'm note sure Meraki supports monitor-mode or partial acces mode like catalysts do.

However if you're using MS210 or higher and running beta you could get access to the new support for filter-ID attribute.


Then you could allow the client before DHCP profiling but apply an ACL through filter-ID (uses a Meraki group policy) that only allows UDP/67 and 68.  Then trigger a CoA with a new authorization allowing full access.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.