Cisco ISE CWA with Meraki MX

VS
New here

Cisco ISE CWA with Meraki MX

I am following this guide to configure self-registered/sponsored guests portal. Splash pages are served by Cisco ISE 2.2. WLAN is comprised of MXs and Meraki APs.

 

In this guide where it says:

 

Guest Internet Access Authorization Profile

  • Select the ACCESS_ACCEPT option for Access Type
  • Check the optional Airspace ACL Name check box, and define the name of a custom group policy configured on the Meraki Dashboard. This example used a group policy named internet.

 

 

 

 

 

My Question is -- what happens if i don't create a custom group policy on Meraki dashboard? I spoke to Meraki admin, he says they haven't created any custom group policy. I understand this is like an ACL. We have firewalls between Guest subnet and corporate WAN. So, is it still necessary to create this group policy? Will not creating this element break any functionality?

 

 

2 Replies 2
jcottage
Here to help

VS,

 

Adding the airspace ACL/group policy is not a requirement after the user is authenticated. The COA sent from ISE will start a new session with the new information. However adding a group policy that only allows access to the internet is a great defense in depth strategy in case something else happens.

 

VS
New here

jcottage,

Thank you for your inputs, greatly appreciated. I agree with your suggestion - its not mandatory but its a good to have.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels