Meraki Community

Madhan_kumar_G · ‎Jul 8 2022

Hi,

ISE is used for posturing.

During migration from Cisco WLC to Meraki Wireless, existing setup has ACLs created in WLC. Now we are configuring similar group policies in Meraki. Using Airspace ACL attribute for deciding the ACL.
Do we have to keep permit and deny as it is in WLC or need to inverse them in Meraki?
Confusion is because of redirect ACLs
Please clarify.

GIdenJoe · ‎Jul 9 2022

Meraki does not use the concept of redirect ACL. This document outlines your use case https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE

Basically you need to choose the ISE portal authentication and the URL that is passed from ISE will be used.
Don't forget to put ISE IP's in the walled garden to avoid having the redirect loop (which kind of acts as your preauth ACL).

If you apply any ACL AFTER authentication you will have to pass Filter-ID or Airespace-ACL which have regular permits and denies and will not be inverted.

View solution in original post

GIdenJoe · ‎Jul 9 2022

Meraki does not use the concept of redirect ACL. This document outlines your use case https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE

Basically you need to choose the ISE portal authentication and the URL that is passed from ISE will be used.
Don't forget to put ISE IP's in the walled garden to avoid having the redirect loop (which kind of acts as your preauth ACL).

If you apply any ACL AFTER authentication you will have to pass Filter-ID or Airespace-ACL which have regular permits and denies and will not be inverted.

Meraki Community

ACL migration from WLC to Meraki Group policies for ISE posturing and CoA

ACL migration from WLC to Meraki Group policies for ISE posturing and CoA