SECURECONNECT

SOLVED
bigben386
Getting noticed

SECURECONNECT

Anyone have an idea when SECURECONNECT or other features announced here https://meraki.cisco.com/securitymadesimple are going to be released? I can find no mention of SecureConnect in the documentation.

1 ACCEPTED SOLUTION
NolanHerring
Kind of a big deal

Last I heard was early 2020. Not last actually, it was only thing I heard.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

12 REPLIES 12
NolanHerring
Kind of a big deal

Last I heard was early 2020. Not last actually, it was only thing I heard.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Anybody heard any updates on this? Given that MR v27 and MS v12 have gone GA, I would expect secureconnect to be around the corner.

Interesting. Wonder if they have opened it up to more customers. I asked our account manager about it over the summer and he said they were not accepting any more customers.

Try you AM. again.  I wouldn't know if they are accepting  more beta clients. I can tell you that it feels like an early beta feature 🙂 .

Tore
Getting noticed

It's here 🙂

https://documentation.meraki.com/Meraki_Internal/Draft_Articles/Draft_Article/SecureConnect

 

However this is concerning:

SecureConnect is not supported in networks bound to configuration templates.

Wonder if templates will be supported in the future?

bigben386
Getting noticed

Anyone using this on a network where they are already running 802.1x? I don't see any mention in the docs about how the two interact. Also concerned that it automatically sets a native vlan on the switch port. That will mess up one of my SSIDs.

Few things I don't like:

 

SecureConnect will automatically place these MR access-points in the same VLAN as the management VLAN of the switch they are connected to.

Not a fan of this and they should allow in the future the ability to specify management VLAN for wireless. I don't always use the same VLAN for switch and AP subnets.

 

Assuming authenticated, the "Allowed VLANs : All VLANs"

 

I specifically go out of my way to only allow VLANs with SSID's tied to them (and management for AP) on these ports. Hopefully they allow this to be configured in the future.

Nolan Herring | nolanwifi.com
TwitterLinkedIn

Interestingly enough, the option is available on the template config.

 

I don't have a big concern about the allowed vlans since the AP is being authenticated but I don't like the native vlan being set. We use RADIUS VLANs on one SSID and one that can be assigned is the same VLAN as the switch management network. It seems like that will break because of a tagged/untagged mismatch. Maybe don't have a native VLAN once everything is authenticated.

Tore
Getting noticed

@bigben386Hopefully it will work, then.

I see other features as well not officially supported with templates, like NBAR.

I hope the plan is to have these new features supported with templates.

RichG
Getting noticed

It is available now if you are on the latest MR GA firmware and the beta MS firmware.

https://documentation.meraki.com/MS/Access_Control/SecureConnect

bigben386
Getting noticed

Just my 2c on this. It would be great if Meraki also extended this technology to switch trunking. Auto trunk and LAG inter switch links. That would make the majority of switch connections idiot proof.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels