Meraki

Community

Trunk port security for Catalyst AP

LinLi
Comes here often
Monday
Monday

Trunk port security for Catalyst AP

Hi Team,

Customer has deployed Catalyst 9100 series APs, connecting to Meraki MS switch. APs are Flex mode and joined to C9800 WLC.

On MS switch, the ports connecting APs are on Trunk mode. one of VLAN for SSID is in local forwarding from Meraki switching.

 

Question: is any way to deploy MAB authentication with ISE for those AP port on Meraki switch. Or if any other solutions to improve the port security?

 

Thanks.

Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

No, it's not, just with port in access mode.

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Only solution imo is to capwap the trafic to the WLC and put the AP ports in access mode with an access policy.

0 Kudos
rhbirkelund
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

While unfortunately it's not using ISE, you could create a SmartPort automation that triggers on the AP LLDP description. If it's a Catalyst 91xx it uses a Trunk port, otherwise it's an Access Port with an Access Policy.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.