Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cisco ISE CWA with Meraki MX

VS
New here
‎Oct 23 2018 1:16 AM
‎Oct 23 2018 1:16 AM

Cisco ISE CWA with Meraki MX

I am following this guide to configure self-registered/sponsored guests portal. Splash pages are served by Cisco ISE 2.2. WLAN is comprised of MXs and Meraki APs.

 

In this guide where it says:

 

Guest Internet Access Authorization Profile

  • Select the ACCESS_ACCEPT option for Access Type
  • Check the optional Airspace ACL Name check box, and define the name of a custom group policy configured on the Meraki Dashboard. This example used a group policy named internet.

 

 

 

 

 

My Question is -- what happens if i don't create a custom group policy on Meraki dashboard? I spoke to Meraki admin, he says they haven't created any custom group policy. I understand this is like an ACL. We have firewalls between Guest subnet and corporate WAN. So, is it still necessary to create this group policy? Will not creating this element break any functionality?

 

 

0 Kudos
Subscribe
2 Replies 2
jcottage
Here to help
‎Oct 23 2018 5:40 AM
‎Oct 23 2018 5:40 AM

VS,

 

Adding the airspace ACL/group policy is not a requirement after the user is authenticated. The COA sent from ISE will start a new session with the new information. However adding a group policy that only allows access to the internet is a great defense in depth strategy in case something else happens.

 

0 Kudos
Subscribe
In response to jcottage
VS
New here
‎Oct 26 2018 12:21 AM
‎Oct 26 2018 12:21 AM

jcottage,

Thank you for your inputs, greatly appreciated. I agree with your suggestion - its not mandatory but its a good to have.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.