MR APs allowed protocols with ISE

ny167
Just browsing

Hi

I am in the middle of my first Meraki AP / Cisco ISE integration for Machine and User authentication.

I am using the following as my reference.

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/361...

Can the APs use EAP-TLS instead of MSCHAPv2?

The above document suggests not, but any clarification is appreciated.

Thanks

Bruce
Kind of a big deal

Yep, the APs don't really inhibit the EAP type, it's more to do with what the supplicant and RADIUS server support. Cisco ISE supports EAP-TLS, but this will mean you'll most likely be using certificates for authentication, so you'll need an appropriate Enterprise PKI in place, certificates issued to devices/users, and trusted CA certificates installed on ISE - and then you need to write the policy to check the certificates.

If this is your first experience with ISE I'd follow the guide and get the username/password solution working with PEAP-MSCHAPv2 first, and then look at how you can move to EAP-TLS and certificates.
