Meraki integration with Forescout

ggarolla
Here to help

Dear colleagues,

I am looking into the possibility of migrating from our current 802.1X setup, which uses Windows Server NPS to authenticate both wired and wireless users, to Forescout. For your reference, we have Meraki switches and APs and we use EAP-TLS as the authentication protocol.

I was able to configure the wired authentication part, but I am having issues finding documentation or hints for the wireless part.

I configured the Dashboard integration using the Meraki API, and that works.

However, I am not sure how to configure APs as RADIUS clients in Forescout and then I am not quite sure how to configure the authentication policy to differentiate it from the wired one.

Do you guys have any experience in using Forescout as a RADIUS server for Meraki APs?

Thanks!

4 Replies
JeroenVercoulen
Here to help

To at least differentiate between wired and wireless clients, you need to use NAS Device Properties, like Called Station ID for example. You can use the same as in Windows Server NPS. I think you need to add every AP in the Wireless section of Forescout. You can find this under Tools --> Options.

https://docs.forescout.com/bundle/radius-4-7-3-h/page/c-properties-for-use-in-policy-c-d1e5130.html#...

ggarolla
Here to help

The problem is that apparently the Wireless plugin in Forescout does not support Meraki APs, hence why I am not sure how and if I can add them as RADIUS clients.

David-H
Meraki Employee

@ggarolla if you need help getting in touch with someone at Forescout, I'd recommend clicking "demo this app" on their marketplace listing.

PhilipDAth
Kind of a big deal

I have no experience with Forescout. Typically with RADIUS servers you can add a subnet (e.g. 10.0.0.0/8) and provide a configuration for every device in that subnet.

You shouldn't need to say what kind of device it is.  The RADIUS request says what kind of authentication the device requires (such as wired or WiFi 802.1x).
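
The two ideas raised in the replies (one RADIUS client entry for a whole subnet, and telling wired from wireless by what the request carries) can be sketched as follows. This is an added example, not part of the thread and not Forescout or Meraki code; the sample packets are constructed, and the Called-Station-Id layout "AP MAC:SSID" is assumed from the RFC 3580 convention.

```python
import ipaddress
import struct

# RADIUS attribute numbers (RFC 2865) and the two NAS-Port-Type values of interest.
CALLED_STATION_ID, NAS_PORT_TYPE = 30, 61
PORT_TYPES = {15: "wired", 19: "wireless"}  # Ethernet, Wireless-IEEE 802.11
# Assumption: one client entry covers every switch and AP (subnet from the post above).
CLIENT_SUBNET = ipaddress.ip_network("10.0.0.0/8")


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: raw value} from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def classify(packet: bytes, source_ip: str) -> dict:
    """Pick the policy branch from what the request itself says.
    Shared-secret and Message-Authenticator checks are out of scope here."""
    if ipaddress.ip_address(source_ip) not in CLIENT_SUBNET:
        return {"accepted": False, "reason": "unknown RADIUS client"}
    attrs = parse_attributes(packet)
    raw = attrs.get(NAS_PORT_TYPE, b"")
    medium = PORT_TYPES.get(int.from_bytes(raw, "big"), "unknown") if len(raw) == 4 else "unknown"
    called = attrs.get(CALLED_STATION_ID, b"").decode("ascii", "replace")
    # Assumed RFC 3580 form "<AP MAC with hyphens>:<SSID>" for wireless requests.
    ssid = called.partition(":")[2] if medium == "wireless" else ""
    return {"accepted": True, "medium": medium, "ssid": ssid or None}


def build_request(attrs) -> bytes:
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body


# Constructed sample requests, not captured traffic.
AP_REQUEST = build_request([(NAS_PORT_TYPE, (19).to_bytes(4, "big")),
                            (CALLED_STATION_ID, b"AA-BB-CC-00-11-22:Corp-WiFi")])
SWITCH_REQUEST = build_request([(NAS_PORT_TYPE, (15).to_bytes(4, "big"))])
```

A request from an address outside the client subnet is rejected before its attributes are parsed, which is the same order a RADIUS server uses when it looks up the client entry and shared secret by source address.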
