Meraki

Community

MR BYOD using ISE

JasonD_NSI
Here to help
‎Oct 24 2022 4:53 PM
‎Oct 24 2022 4:53 PM

MR BYOD using ISE

I'm trying to set up Meraki MR with single-SSID BYOD, where the same SSID is also used for standard EAP-TLS secure wireless for corporate assets. I can't figure out whether I should set the MR splash page to "None (Direct Access)" or "Cisco Identity Services Engine (ISE) Authentication" I don't want the corporate assets to have to endure a splash page every day. Is what I am trying to do possible, or will I need to switch to a dual-SSID BYOD?

Labels:
0 Kudos
2 Replies 2
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 24 2022 5:18 PM
‎Oct 24 2022 5:18 PM

IMO the best way to do this is under a single SSID + None ( Direct Access ). 

 

Also configuring the SSID RADIUS attribute specifying group policy name to AirSpace-ACL-Name to allow ISE to push the Group Policy to your BYOD and override the vlan to separate your BYODs from your corporate assets. 

 

It is only a suggestion. Feel free to modify to your needs and security needs.

alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 24 2022 5:54 PM
‎Oct 24 2022 5:54 PM

Look at this article:

 

https://community.cisco.com/t5/security-knowledge-base/how-to-integrate-meraki-networks-with-ise/ta-...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.