Migrating to Meraki MR from Cisco Aironet with ISE

ozgurguler
Meraki Employee
Hi All

I am helping my customer to migrate from Cisco Aironet Wi-Fi to Meraki MR. They have SSIDs which are configured with both WPA-PSK and MAC filtering. MAC filtering is enabled just to send RADIUS requests to ISE, and then ISE performs profiling and returns an ACL name or VLAN.

What is the best way to migrate this configuration to Meraki?

Meraki doesn't support WPA-PSK + MAC filtering. So how can I send RADIUS requests to ISE for a PSK mode SSID? Using Identity PSK may be an option?

Secondly, how can Meraki MR help ISE with profiling? It does not pass its own profiling results to ISE currently.

DHCP relay on the MX may be an option, but what if the MX has to be the DHCP server itself?

Thanks

3 Replies
PhilipDAth
Kind of a big deal

You could take a look at IPSK, which lets you define a PSK per MAC address.

https://documentation.meraki.com/MR/Access_Control/IPSK_with_RADIUS_Authentication 

 

You can still return a VLAN directly to put the client into.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin... 

 

Another popular way in the Meraki world is to use the Filter-Id attribute. This specifies a group policy to apply to the user, which can be used to drop them into a VLAN, and apply lots of other things at the same time.

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Using_RADIUS_Attributes_to_Apply...

PhilipDAth
Kind of a big deal

Check out this article when using Cisco ISE for device profiling.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE 

PhilipDAth
Kind of a big deal

P.S. Meraki MR also has built-in device profiling, and can apply policies by device type.

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Applying_Policies_by_Device_Type 
