I am helping my customer to migrate from Cisco Aironet wifi to Meraki MR. They have SSIDs which are configured with WPA-PSK and Mac Filtering both. MAC Filtering is enabled just to send radius requests to ISE. And then ISE performs profiling and returns an ACL name or VLAN.
What is the best way to migrate this configuration to Meraki?
Meraki doesn't support WPA-PSK + MAC Filtering. So how can i send radius requests to ISE for a PSK mode SSID? Using identity PSK may be an option???
Secondly how can Meraki MR help ISE for profiling? It does not pass its own profiling results to ISE currently.
DHCP relay on MX may be an option but what if MX has be the DHCP server itself.
You could take a look at IPSK, which lets you define a PSK per MAC address.
You can still return a VLAN directly to put the client into.
Another popular way in the Meraki world you use the Filter-Id attribute. This specifies a group policy to apply to the user, which can be used to drop them into a VLAN, and apply lots of other things at the same time.
Check out this article when using Cisco ISE for device profiling.
ps. Meraki MR also has built in device profiling, and can apply policies by device type.