Meraki

Community

Meraki BYOD solution component

Solved
yongkhang
Comes here often
‎May 31 2021 11:38 PM
‎May 31 2021 11:38 PM

Meraki BYOD solution component

Hi Merakian,

 

Just wonder is there any Meraki BYOD solution design guide, configuration guide documentation around?

 

I intend to create the BQ but i have no idea what need to be include?

 

Thanks

 

Noel

0 Kudos
1 Accepted Solution
In response to yongkhang
KarstenI
Kind of a big deal
Kind of a big deal
‎Jun 2 2021 2:40 AM
‎Jun 2 2021 2:40 AM

The MX typically does not play any significant role in the BYOD solution. The onboarding runs through manual enrolment or through the MR access-points and provisions the client into the SM Mobile Device Management.

Best to build a test-system for all your intended devices as there are some gotchas that make it less usable compared to an ISE. For example, the BYOD users can automatically get a certificate for WLAN access. But this is not an intended use case for your domain-users which need a different authentication. And these certificates can not be used on all switch ports. 

If you have an all-wireless, all BYOD environment, then it will be great. But if there are a significant amount of legacy devices you need "something else" for these. And the ISE could give you all at the same time. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

7 Replies 7
BrandonS
Kind of a big deal
‎Jun 1 2021 8:58 AM
‎Jun 1 2021 8:58 AM

You are a reseller, I guess?  You may want to start at https://salesconnect.cisco.com and read up on Meraki a bit.  BYOD is a pretty vague marketing term and does not correlate exactly with specific products or SKUs.  What exactly have you been asked to quote?

 

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
yongkhang
Comes here often
‎Jun 1 2021 11:00 PM
‎Jun 1 2021 11:00 PM

Hi Brandon, 

 

First of all, thanks for reply, 

 

Eventually i looking at Cisco BYOD solution, particular wireless access method, and try with no ISE involve maybe.

 

So i wonder if meraki can do 

1. Guest Access Management

2. 802.1x 

3. device onboarding

 

What component do i need to invest MX, SM , yet MR, MS as access media

 

Thanks

 

Noel

 

0 Kudos
In response to yongkhang
KarstenI
Kind of a big deal
Kind of a big deal
‎Jun 2 2021 2:40 AM
‎Jun 2 2021 2:40 AM

The MX typically does not play any significant role in the BYOD solution. The onboarding runs through manual enrolment or through the MR access-points and provisions the client into the SM Mobile Device Management.

Best to build a test-system for all your intended devices as there are some gotchas that make it less usable compared to an ISE. For example, the BYOD users can automatically get a certificate for WLAN access. But this is not an intended use case for your domain-users which need a different authentication. And these certificates can not be used on all switch ports. 

If you have an all-wireless, all BYOD environment, then it will be great. But if there are a significant amount of legacy devices you need "something else" for these. And the ISE could give you all at the same time. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
yongkhang
Comes here often
‎Jun 3 2021 2:19 AM
‎Jun 3 2021 2:19 AM

Hi Karstenl,

 

Thanks for the reply.

 

Yup, all endpoint is wireless. Just want to get rid of Cisco ISE anyway.

 

I believe what you trying to say is leveraging the ISE profiling feature to recognize endpoint OS, in this case, i just try minimize the usage on device onboarding.

 

Thanks

0 Kudos
In response to yongkhang
KarstenI
Kind of a big deal
Kind of a big deal
‎Jun 3 2021 3:14 AM
‎Jun 3 2021 3:14 AM

No, that's not what I tried to say ... 😉

 

I was talking about how to authenticate your endpoints when entering the network. Your BYOD devices typically get a certificate enrolled and use the Meraki authentication (That is IMO one of the best features of SM). But the domain-PCs do not have a certificate from the Meraki Dashboard like the BYOD devices and have to be authenticated in a different way, for example through your Microsoft NPS.

The ISE could authenticate both your BYOD- and domain systems.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to yongkhang
BrandonS
Kind of a big deal
‎Jun 2 2021 9:40 AM
‎Jun 2 2021 9:40 AM

It sounds like three basic SKUs you are after if I understand correctly:

 

1. Choose the model(s) of MR you like.

2. Choose license term 1-10 years and include one license per MR.

3. Choose number of Systems Manager licenses required. 

 

I encourage you to do Meraki Fit training if you are a reseller with a Cisco login: http://community.meraki.com/merakifit and/or watch some webinars/content on Meraki's YouTube channel to get a firm grasp of how it all works and fits together.

 

Best.

 

 

- Ex community all-star (⌐⊙_⊙)
0 Kudos
In response to BrandonS
BrandonS
Kind of a big deal
‎Jun 2 2021 9:44 AM
‎Jun 2 2021 9:44 AM

And are you a Cisco reseller and do you work in the CCW tool?  If so, you can order NFR (not for resale) gear for an incredibly low price to have some lab gear and play around with if you like.  You can also do a free 2 week trial, but then you have to send it back or be charged.

- Ex community all-star (⌐⊙_⊙)
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.