Meraki MS switch + 802.1x and ISE posture

mwaliszko
New here

Hello,

I went through all the docs related to the topic above and I can't find a satisfactory answer.

During the time the authenticating client is in ISE unknown posture state you need to create the following:

1) url-redirect-acl - this ACL defines what traffic triggers redirection

2) url-redirect - this is the HTTPS posture portal (client provisioning portal)

 

The two above attributes are mandatory.

The optional attribute is ACL (dACL) which can limit the IPs/subnets the authenticating device has access to.

How to do the same on Meraki?

 

For 1) - is this achieved by ticking CoA + walled garden (where you define the ISE IPs + DNS)?

For 2) - my assumption is that this attribute is by default understood by Meraki

For 3) - does the Filter-ID defined under the Access Policy on Meraki need to be returned by ISE as well?

And it needs to match what? Group Policy or Access Policy name?

 

Thank you.

 

1 Reply
alemabrahao
Kind of a big deal

Meraki MS switches do not support traditional redirect ACLs like Cisco IOS switches. Instead, Meraki uses a "walled garden" approach.

 

Meraki does honor the url-redirect attribute returned by ISE in the RADIUS Access-Accept message. This is used to redirect the client to the ISE posture portal.

 

Meraki does not support Cisco-style dACLs. Instead, it uses Group Policies.

 

Refer to the documentation.

"These steps show how to configure ISE Authorization policy for wired employee access using 802.1X as well as supporting wired guest users with the hotspot portal.  Just like Meraki Wireless platforms, Meraki switches now support advanced use cases such as MDM enrollment, Native Supplicant Provisioning (BYOD) and posture assessment.  Please see the wireless section for information on how to configure these advanced use cases."

 

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
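As an added illustration of the attribute exchange discussed in this thread (example code written for this page, not Meraki or ISE code): the block below encodes and parses the three RADIUS attributes named above using the RFC 2865 wire format (Filter-Id is attribute type 11, Vendor-Specific is type 26) and Cisco's VSA layout (vendor id 9, Cisco-AVPair vendor type 1), then models the handling the reply describes: url-redirect is honoured, url-redirect-acl is not applied because the walled garden replaces it, and a Cisco dACL name is not applied because a Group Policy replaces it. The portal URL, the redirect ACL name and the policy name are placeholders, and the assumption that Filter-Id is matched against the Dashboard group policy name is not stated on this page.

```python
"""Encode and decode the RADIUS attributes an ISE posture-unknown profile returns,
then model what the reply says a Meraki MS switch does with each of them.
Illustrative code for this page, not Meraki or ISE code."""
import struct

ATTR_FILTER_ID = 11         # RFC 2865 section 5.11
ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 section 5.26
CISCO_VENDOR_ID = 9         # IANA enterprise number for Cisco
CISCO_AVPAIR = 1            # vendor type of Cisco-AVPair inside the VSA


def encode_filter_id(name: str) -> bytes:
    """Filter-Id attribute: type, length (header included), text value."""
    value = name.encode()
    return struct.pack("!BB", ATTR_FILTER_ID, 2 + len(value)) + value


def encode_cisco_avpair(pair: str) -> bytes:
    """Cisco-AVPair wrapped in a Vendor-Specific attribute:
    type 26, length, 4-byte vendor id, then vendor type/length/value."""
    value = pair.encode()
    vsa = struct.pack("!BB", CISCO_AVPAIR, 2 + len(value)) + value
    return struct.pack("!BBI", ATTR_VENDOR_SPECIFIC, 6 + len(vsa), CISCO_VENDOR_ID) + vsa


def decode_attributes(blob: bytes) -> list[tuple[str, str]]:
    """Parse the attribute section of an Access-Accept into (name, value) pairs.
    Every length field is bounds-checked so a truncated or malformed packet
    raises ValueError instead of being read out of bounds."""
    out = []
    i = 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("bad attribute length")
        body = blob[i + 2:i + alen]
        if atype == ATTR_FILTER_ID:
            out.append(("Filter-Id", body.decode()))
        elif atype == ATTR_VENDOR_SPECIFIC:
            if len(body) < 4:
                raise ValueError("VSA without vendor id")
            vendor = struct.unpack("!I", body[:4])[0]
            j = 4
            while j < len(body):
                if j + 2 > len(body):
                    raise ValueError("truncated VSA sub-attribute")
                vtype, vlen = body[j], body[j + 1]
                if vlen < 2 or j + vlen > len(body):
                    raise ValueError("bad VSA sub-attribute length")
                if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
                    out.append(("Cisco-AVPair", body[j + 2:j + vlen].decode()))
                j += vlen
        i += alen
    return out


def meraki_outcome(attrs, group_policies):
    """Model of the reply: url-redirect is honoured; url-redirect-acl and dACL
    references are not applied (walled garden / Group Policy take their place).
    Assumption not stated on the page: Filter-Id is matched against the
    Dashboard group policy name, so an unknown name is reported as not applied."""
    outcome = {"redirect_url": None, "group_policy": None, "not_applied": []}
    for name, value in attrs:
        if name == "Cisco-AVPair":
            key, _, val = value.partition("=")
            if key == "url-redirect":
                outcome["redirect_url"] = val
            else:  # url-redirect-acl=..., ACL:..., anything else
                outcome["not_applied"].append(value)
        elif name == "Filter-Id":
            if value in group_policies:
                outcome["group_policy"] = value
            else:
                outcome["not_applied"].append("Filter-Id=" + value)
    return outcome


# Constructed sample (placeholder URL, ACL name and policy name): the three
# attributes described above as returned while the client is posture-unknown.
PORTAL_URL = "https://ise.example.com:8443/portal/gateway?sessionId=1&portal=cpp"
SAMPLE_ACCEPT = (
    encode_cisco_avpair("url-redirect-acl=POSTURE-REDIRECT")
    + encode_cisco_avpair("url-redirect=" + PORTAL_URL)
    + encode_filter_id("Posture-Unknown")
)

if __name__ == "__main__":
    parsed = decode_attributes(SAMPLE_ACCEPT)
    print(meraki_outcome(parsed, {"Posture-Unknown", "Employees"}))
```

Running it shows the portal URL taken from url-redirect, the Group Policy selected by Filter-Id, and the url-redirect-acl pair listed as not applied; feeding a truncated buffer to `decode_attributes` raises instead of silently mis-parsing.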