Group-policy applied to client via Cisco ISE

peto

Hi,

I have the following problem. I use Cisco ISE to assign a group-policy to clients based on the authorization result. I can see the policy successfully applied via 802.1x on the Client page. The thing is that the configured filtering (content or URL) doesn't work when the group-policy is applied via dot1x. The L3 firewall works; there is no issue. When I apply the group-policy manually to the client, everything works as expected. Support told me that this is expected behaviour: the policy does apply to layer 3 for the MX and the MR but not per SSID.

The suggestion is to apply the policy manually or via AD.

But I would like to have it applied via dot1x. Does anybody have experience with this?

Thank you

BrechtSchamp

Applying group policy by RADIUS attribute is only for the MR as shown in the table here:

https://documentation.meraki.com/MX/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

And for the MR, content filtering is not supported, as shown in the table here:

https://documentation.meraki.com/MX/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

So that's why.

To solve your issue I'd try going at it in a different way. What about assigning a dynamic VLAN to clients and applying group policies on a VLAN basis?

Hi,

The client I test from is connected to the Wi-Fi, so dot1x should be applied as per the documentation. This works; the group-policy is applied. The second table says that content filtering is not supported on the MR - correct. I expect that the content filtering in my situation is done on the MX. And if the content filtering is done on the MR, then my question is why the content filtering works when I assign the group-policy manually to the client.

Thank you
