Meraki BYOD solution component

SOLVED
yongkhang
Comes here often

Meraki BYOD solution component

Hi Merakian,

 

Just wonder is there any Meraki BYOD solution design guide, configuration guide documentation around?

 

I intend to create the BQ but i have no idea what need to be include?

 

Thanks

 

Noel

1 ACCEPTED SOLUTION
KarstenI
Kind of a big deal
Kind of a big deal

The MX typically does not play any significant role in the BYOD solution. The onboarding runs through manual enrolment or through the MR access-points and provisions the client into the SM Mobile Device Management.

Best to build a test-system for all your intended devices as there are some gotchas that make it less usable compared to an ISE. For example, the BYOD users can automatically get a certificate for WLAN access. But this is not an intended use case for your domain-users which need a different authentication. And these certificates can not be used on all switch ports. 

If you have an all-wireless, all BYOD environment, then it will be great. But if there are a significant amount of legacy devices you need "something else" for these. And the ISE could give you all at the same time. 

View solution in original post

7 REPLIES 7
BrandonS
Kind of a big deal

You are a reseller, I guess?  You may want to start at https://salesconnect.cisco.com and read up on Meraki a bit.  BYOD is a pretty vague marketing term and does not correlate exactly with specific products or SKUs.  What exactly have you been asked to quote?

 

- Ex community all-star (⌐⊙_⊙)

Hi Brandon, 

 

First of all, thanks for reply, 

 

Eventually i looking at Cisco BYOD solution, particular wireless access method, and try with no ISE involve maybe.

 

So i wonder if meraki can do 

1. Guest Access Management

2. 802.1x 

3. device onboarding

 

What component do i need to invest MX, SM , yet MR, MS as access media

 

Thanks

 

Noel

 

KarstenI
Kind of a big deal
Kind of a big deal

The MX typically does not play any significant role in the BYOD solution. The onboarding runs through manual enrolment or through the MR access-points and provisions the client into the SM Mobile Device Management.

Best to build a test-system for all your intended devices as there are some gotchas that make it less usable compared to an ISE. For example, the BYOD users can automatically get a certificate for WLAN access. But this is not an intended use case for your domain-users which need a different authentication. And these certificates can not be used on all switch ports. 

If you have an all-wireless, all BYOD environment, then it will be great. But if there are a significant amount of legacy devices you need "something else" for these. And the ISE could give you all at the same time. 

Hi Karstenl,

 

Thanks for the reply.

 

Yup, all endpoint is wireless. Just want to get rid of Cisco ISE anyway.

 

I believe what you trying to say is leveraging the ISE profiling feature to recognize endpoint OS, in this case, i just try minimize the usage on device onboarding.

 

Thanks

KarstenI
Kind of a big deal
Kind of a big deal

No, that's not what I tried to say ... 😉

 

I was talking about how to authenticate your endpoints when entering the network. Your BYOD devices typically get a certificate enrolled and use the Meraki authentication (That is IMO one of the best features of SM). But the domain-PCs do not have a certificate from the Meraki Dashboard like the BYOD devices and have to be authenticated in a different way, for example through your Microsoft NPS.

The ISE could authenticate both your BYOD- and domain systems.

BrandonS
Kind of a big deal

It sounds like three basic SKUs you are after if I understand correctly:

 

1. Choose the model(s) of MR you like.

2. Choose license term 1-10 years and include one license per MR.

3. Choose number of Systems Manager licenses required. 

 

I encourage you to do Meraki Fit training if you are a reseller with a Cisco login: http://community.meraki.com/merakifit and/or watch some webinars/content on Meraki's YouTube channel to get a firm grasp of how it all works and fits together.

 

Best.

 

 

- Ex community all-star (⌐⊙_⊙)
BrandonS
Kind of a big deal

And are you a Cisco reseller and do you work in the CCW tool?  If so, you can order NFR (not for resale) gear for an incredibly low price to have some lab gear and play around with if you like.  You can also do a free 2 week trial, but then you have to send it back or be charged.

- Ex community all-star (⌐⊙_⊙)
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels