Hello Community Friends!
We are having a brand new LIVE webinar on 4/30 at 10AM PST introducing Adaptive Policy!
This feature enforces security with identity-based policies across all sites just by setting it up once. Join our webinar on to learn how Adaptive Policy helps you:
Register here: https://meraki.cisco.com/webinars/signup/3521/adaptive-policy-set-once-secure-forever/21083777
We love hearing your feedback so tell us why you're interested in this webinar by replying to this thread!
See you there!
Looks interesting.
Shame we need to implement the MS390 into the design! Could a similar design be achieved by using ISE with a Meraki stack - MX, MS, MR?
MR supports it, but only the MS390. None of the other MS. MX does not support it.
Hi @PhilipDAth , so would that require a full deployment of only MS390's or could you deploy at the core and something like the MS225's at the edge?
Hi UCcert, you won't have to swap out every switch for the MS390. As long as you have one MS390 at each core or branch location, Adaptive Policy should be able to cover it.
While you are right Philip, the MX will support Adaptive Policy in the future.
@DarrenOC I wanted to clarify a bit more: Yes you can use ISE with the Meraki stack but you will need either the MS390 or *select Cisco Catalyst for switching, and pair with Meraki MR Wi-Fi 5 Wave 2 and 6 models. The MS390 is currently the only Meraki switch model that supports Adaptive Policy.
If you have Cisco TrustSec or SDA, it will be compatible with Adaptive Policy. Hope that clears things up.
In my understanding Adaptive policy will be an implementation of Trustsec.
On switches this requires hardware support to be able to forward frames with an extra L2 header like that.
Since that has always been a Cisco only thing, the current MS switches cannot support it. But since the new MS390 uses the UADP chip from Cisco it has the hardware support.
MX appliances are like routers that do advanced forwarding using software. So they can support this through software support only.
>MX appliances are like routers that do advanced forwarding using software
No, they have switch module in them for forwarding between the LAN ports in the same VLAN. That's why we can't get things added like spanning tree, LACP, etc.
The WAN ports however will use software forwarding as will forwarding between VLANs.
I stand corrected 😉
I never really consider the MX to forward between LANs as much as I do to the internet. But still in that regard you're right.
We are working towards bringing adaptive policy to the MX and should support most of the current platforms out today from a hardware perspective. Official support has yet to be determined but we are hoping for a beta of SGT being carried over AutoVPN on MX sometime Q1 FY21.
@AmelieS, I clicked the green button on the registration page. The page seems to reload but I don't see anything else.
How do I know I'm subscribed?
@GIdenJoe To complete registration, you will have to fill out the form with your name, email address, etc. This way, you'll get an email reminder about the webinar and have a spot for you 🙂 Let me know if you continue having a problem.
It was a browser issue.
The right part was not showing at all. I had to grab back at iexplore 😜
Still too many "known problems" with that MS390.
Looking forward to this.
I'm interested to see how the MS390 will integrate with the non adaptive policy enabled devices. What point the tag is applied and policy enforced.
Hello, I am new to Meraki and my organization is purchasing MS390s to replace our old EoL Cisco switches for our environment. I am very interested in watching this webinar but unfortunately, I missed it. Is there a way to receive a recording of this?
@DavidSisung wrote:
Hello, I am new to Meraki and my organization is purchasing MS390s to replace our old EoL Cisco switches for our environment. I am very interested in watching this webinar but unfortunately, I missed it. Is there a way to receive a recording of this?
No problem! Here it is:
https://merakiresources.cisco.com/m-english-on-demand-webinar-adaptive-policy.html
Hi @MeredithW I've tried to view that webinar but the form is getting stuck on 'Please Wait' after entering all my details, tried different browsers. Unsure if its mentioned in the video, I was trying to find out if there is any scheduled release date for the Adaptive Policy features? Thanks.
@Jimmy_D wrote:
Hi @MeredithW I've tried to view that webinar but the form is getting stuck on 'Please Wait' after entering all my details, tried different browsers. Unsure if its mentioned in the video, I was trying to find out if there is any scheduled release date for the Adaptive Policy features? Thanks.
May 19th is the release of Adaptive Policy!
Hi @MeredithW,
I've waited a few days and was able to view that webinar, I can see within the demo for this new feature it appears under the Organization menu as 'Adaptive Policy'.
I have some MS390's within my networks and this menu item does not appear, can you confirm if the May 19th release date is a beta 'opt-in' date? If so what is the general release date? And what is the process to enable the beta if we wish to begin using?
Thanks.
Hi @Jimmy_D
you need to have the Advanced (not Enterprise) licensing for the M390 - you also need to open a support case to have them install MS14 beta Firmware on the MS390 + Enable adaptive policy feature in your dashboard- mention this email thread in the case.. if that fails involve your Meraki Sales Rep... this is how we got it enabled in our dashboard.
in my opinion the Webinar was too general.. the demo by the SE was very brief and really skimmed over things like how do you assign SGT tags to individual AD users connecting via WIFI to the MR device using Certificate /Meraki Radius /SM integrated clients.. or how does the MS390 pass SGT tag to other Catalyst switches..or ISE integration - it was more like.. here is how to assign an SGT tag to all clients on this SSID or to this specific port# on the MS390 - I would like to see a more in-depth demo
Hi @Jimmy_D ,
Adaptive Policy is in beta release right now. If you'd like to test out the feature, you will have to request it from your Meraki rep and they can add you into the beta program.
Hope this helps!